[ACTF2020 Freshman Competition] BackupFile1
Q7nl1s admin

The target gives no hints on entry, and no source file can be found either, so start by scanning it with dirsearch.


The scan finds the backup file index.php.bak.


Download and open it to see the source code of the page:

<?php
include_once "flag.php";

if (isset($_GET['key'])) {
    $key = $_GET['key'];
    // Only numeric input is accepted
    if (!is_numeric($key)) {
        exit("Just num!");
    }
    // The input is cast to an integer
    $key = intval($key);
    $str = "123ffwsfwefwf24r2f32ir23jrw923rskfjwtsw54w3";
    // Loose comparison between an integer and a string
    if ($key == $str) {
        echo $flag;
    }
}
else {
    echo "Try to find out source file!";
}

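A quick look shows that this is a weak (loose) comparison: after intval(), $key is an integer, and == then compares that integer with the string $str, which PHP before version 8 converts to a number from its leading digits, 123.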

payload: ?key=123


Got the flag.
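The weak comparison above next to a hardened check, as an added example that is not part of the original post or the challenge code. The function names and sample inputs are assumptions made here; PHP 8 compares an int with a non-numeric string as strings, so the page's check only passes on PHP 7 and earlier, which `legacy_loose_check` reproduces on any version.

```php
<?php
// Added example. The secret string is the one shown in index.php.bak.
const SECRET = '123ffwsfwefwf24r2f32ir23jrw923rskfjwtsw54w3';

// Same logic as index.php.bak: numeric filter, intval(), then loose ==.
function page_check(string $key): bool
{
    if (!is_numeric($key)) {
        return false;
    }
    return intval($key) == SECRET; // result depends on the PHP major version
}

// What int == string did before PHP 8 for a string that starts with digits:
// the string was cast to a number, which the explicit (int) cast reproduces.
function legacy_loose_check(string $key): bool
{
    return is_numeric($key) && intval($key) === (int) SECRET;
}

// Hardened form: no type juggling, constant-time comparison of the raw strings.
function strict_check(string $key): bool
{
    return hash_equals(SECRET, $key);
}

// Constructed sample inputs.
$inputs = ['123', '123.9', ' 123', '124', SECRET];

printf("PHP %s\n%-46s %-6s %-7s %s\n", PHP_VERSION, 'key', 'page', 'legacy', 'strict');
foreach ($inputs as $key) {
    printf(
        "%-46s %-6s %-7s %s\n",
        var_export($key, true),
        var_export(page_check($key), true),
        var_export(legacy_loose_check($key), true),
        var_export(strict_check($key), true)
    );
}
```

The other half of the finding is the exposed index.php.bak itself: backup copies should not sit in the web root, and the server should refuse to serve files with backup extensions.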
