WeChall_Training: PHP LFI (Exploit, PHP, Training)
Your mission is to exploit this code, which has obviously an LFI vulnerability:
1 |
$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html'; |
There is a lot of important stuff in ../solution.php, so please include and execute this file for us.
Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums
For debugging purposes, you may look at the whole source again, also as highlighted version.
解题:
因为字符串后面加了个".html",完全不知道怎么处理,去搜了题解,发现可以用%00来截断,然后就试了下?file=../../solution.php%00,发现不存在这个文件,看了题解发现是?file=../../solution.php%00。。
WeChall_Training: PHP LFI (Exploit, PHP, Training)的更多相关文章
- WeChall_Training: Crypto - Caesar I (Crypto, Training)
As on most challenge sites, there are some beginner cryptos, and often you get started with the good ...
- Wechall 部分WP
前言: 开始打CTF,掌握一些新的姿势与知识. 这里我选择的平台是Wechall.这里从简单到难 WP部分: Training: Get SourcedAnswer: 查看网页源代码 Training ...
- 【HTB系列】Beep
出品|MS08067实验室(www.ms08067.com) 这次挑战的是 HTB 的第5台靶机:Beep,评分很高,难度中等 靶机描述 Beep 运行了大量的服务,这对正确发掘入口点有一定的挑战,由 ...
- [WeChall] Training: MySQL I (MySQL, Exploit, Training)
Training: MySQL I (MySQL, Exploit, Training) MySQL Authentication Bypass - The classic This one is t ...
- Training: MySQL I (MySQL, Exploit, Training)
题目链接:http://www.wechall.net/challenge/training/mysql/auth_bypass1/index.php?highlight=christmas 的确是非 ...
- WeChall_Training: Programming 1 (Training, Coding)
When you visit this link you receive a message.Submit the same message back to http://www.wechall.ne ...
- WeChall_Training: Get Sourced (Training)
The solution is hidden in this page Use View Sourcecode to get it 解题: 网页源码,最后一行 <!-- You are look ...
- WeChall_Training: ASCII (Training, Encoding)
In a computer, you can only work with numbers.In this challenge you have to decode the following mes ...
- WeChall_Training: Encodings I (Training, Encoding)
We intercepted this message from one challenger to another, maybe you can find out what they were ta ...
随机推荐
- 解决阿里云ECS下kubeadm部署k8s无法指定公网IP
背景 一般情况下,"kubeadm"部署集群时指定"--apiserver-advertise-address=<public_ip>"参数,即可在 ...
- 动态规划,以LeetCode-CombinationSumIV问题为例
简介: 动态规划问题面试中经常遇到的问题之一,按照动态规划的一般定义,其一般解法在于将大问题分解为很多小问题去解决,但是我在遇到很多实际的问题时,想法都是强行的去将问题分解,而忽略了分解的必要性和途径 ...
- java架构之路(多线程)大厂方式手写单例模式
上期回顾: 上次博客我们说了我们的volatile关键字,我们知道volatile可以保证我们变量被修改马上刷回主存,并且可以有效的防止指令重排序,思想就是加了我们的内存屏障,再后面的多线程博客里还有 ...
- CF825G Tree Queries
[题意] 一棵树有 n个节点,初始均为白色,有两种操作: 1. 1 x 代表把结点 x 设置为黑色 2. 2 x 代表查询 x 到树上任意一个黑色结点的简单路径上的编号最小的结点的编号 输入 t 和 ...
- Flutter使用SingleTickerProviderStateMixin报错
最近在学习开发Flutter应用项目,在创建tabbar和tabview后,进行网络请求后显示顶部tab标签,设置TabController,并使class类实现SingleTickerProvide ...
- mysql中emoji表情存储
mysql中emoji表情存储 背景 在mysql 5.7.19,创建的数据库默认选择的编码是utf8 -- UTF-8 Unicode,因此字段默认的编码为utf-8,但在项目开发中存在一个需求:在 ...
- Node: 使用nrm管理npm源
一.简介 npm是一款非常好用的包管理工具,在前端开发中很多时候都会使用npm安装其他包文件.但是,npm安装某些包时有时会安装地很慢,这是因为npm管理的源中有些是国外的,包下载的时候需要花费很多时 ...
- 可视化限流管理,Sentinel 控制台启动和接入
Sentinel 的使用可以分为核心库和控制台两个部分. 核心库不依赖任何框架/库,集成了主流框架,可以进行单机限流降级等功能, 控制台Dashboard提供了可视化的管理限流规则.对集群进行监控,集 ...
- RocketMQ 解决 No route info of this topic 异常步骤
原文地址:https://blog.csdn.net/chenaima1314/article/details/79403113 rocketmq运行时提示 No route info of this ...
- Excel Application操作指南
概述 Application对象是Microsoft Office Excel 2007对象模型中最高级别的对象,表示Excel程序自身.Application对象提供正在运行的程序的信息.应用于程序 ...