[网鼎杯 2018]Fakebook
ssrf参考:https://www.freebuf.com/articles/web/260806.html
wp参考:https://blog.csdn.net/weixin_43940853/article/details/105081522
遇事不决扫后台
robots.txt 泄露了源码备份文件的路径:
/user.php.bak,下载后审计一下(robots.txt 不是访问控制,备份文件留在 Web 目录下就等于公开了源码)
//user.php.bak
<?php
class UserInfo
{
public $name = "";
public $age = 0;
public $blog = "";
/**
 * Copy the three profile fields onto the new instance.
 *
 * $name and $blog are stored exactly as passed; only $age is cast to int.
 *
 * NOTE(review): nothing here checks $blog. If it is later fetched as a URL
 * (this class has a get($url) method), the scheme and host need validating
 * before use. Confirm against the callers, which are not visible here.
 *
 * @param mixed $name stored in $this->name unchanged
 * @param mixed $age  converted to int, then stored in $this->age
 * @param mixed $blog stored in $this->blog unchanged and unvalidated
 */
public function __construct($name, $age, $blog)
{
    // The three assignments are independent of one another.
    $this->blog = $blog;
    $this->age = intval($age);
    $this->name = $name;
}
function get($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exe