[BUUCTF] [Geek Challenge 2019] Secret File
2022-06-30 14:23:00 【aoao331198】
Open the challenge.

Nothing on the page gives a clue, so look at the page source.

The source contains a hyperlink.
Follow it.

Click the button in the middle.

Note that the URL now ends in end.php.
Go back to the previous page and view its page source.

The page we actually need is action.php.
So try capturing the traffic with Burp Suite (bp) to see whether the response can be caught.

The response to action.php contains a reference to secr3t.php.
So open that page.

The Chinese hint is obvious, but the code shows that some input is filtered, so I have to use php://filter.
Complete payload:
secr3t.php?file=php://filter/read=convert.base64-encode/resource=flag.php
Base64-decode the response.
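
From the defender's side, a request like the payload above is easy to spot in web access logs, because a file-name parameter should never begin with a PHP stream wrapper. The following is an added example, not part of the original write-up: the function names, the wrapper list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# PHP stream wrappers that should never start a file-name parameter.
WRAPPER_RE = re.compile(
    r"\s*(?:(?:php|phar|zip|expect|glob|compress\.(?:zlib|bzip2))://|data:)", re.I)
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so an encoded wrapper is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def wrapper_params(request_target):
    """Return (name, decoded value) for parameters that start with a wrapper."""
    hits = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        if WRAPPER_RE.match(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Return (line number, parameter, decoded value) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings += [(number, n, v) for n, v in wrapper_params(match.group(1))]
    return findings

# Constructed sample log lines (documentation IP ranges), not taken from the page.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2022:14:20:01 +0000] "GET /action.php HTTP/1.1" 200 120',
    '192.0.2.10 - - [30/Jun/2022:14:21:12 +0000] "GET /secr3t.php?file=php://filter/read=convert.base64-encode/resource=flag.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Jun/2022:14:21:40 +0000] "GET /secr3t.php?file=PHP%3A%2F%2Ffilter/resource=flag.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [30/Jun/2022:14:22:05 +0000] "GET /secr3t.php?file=about.php HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Detection only narrows the window; the underlying fix is to resolve the `file` parameter against a fixed allow-list of includable files instead of filtering substrings.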