梧席
ACTF2020新生赛BackupFile1
Q7nl1s admin
  2022-01-19 11:07:58 2022-01-19 11:07   2023-09-20 18:13:17      128 Words  

[ACTF2020 新生赛]BackupFile1

1

进入靶机没有任何提示,source文件也找不到,那就先dirsearch扫一下吧

2

扫到备份文件index.php.bak

3

下载后打开可以看到该网页的源码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<?php
include_once "flag.php";

if(isset($_GET['key'])) {
    $key = $_GET['key'];
    if(!is_numeric($key)) {
        exit("Just num!");
    }
    $key = intval($key);
    $str = "123ffwsfwefwf24r2f32ir23jrw923rskfjwtsw54w3";
    if($key == $str) {
        echo $flag;
    }
}
else {
    echo "Try to find out source file!";
}

简单看一下就知道是弱比较

1
payload:?key=123

4

拿到flag

 Comments
Comment plugin failed to load
Loading comment plugin
  1. [ACTF2020 新生赛]BackupFile1
© 2020 - 2024    Q7nl1s
Powered by Hexo & Theme Keep
Unique Visitor Page View
  1. [ACTF2020 新生赛]BackupFile1