当前位置:网站首页>Bugku's file contains
Bugku's file contains
2022-07-01 16:32:00 【Golden silk】
Open the connection
Only this line appears , There is nothing to look at the source code
Click and try
The source code is still nothing
But you can see URL More file It's a kind of reference , Point to show file , Direct access to this file , It's the same as the one above
According to the topic tips ,flag It should be in index.php It's in the code , Exploit the vulnerability contained in the file
There are many file inclusion vulnerabilities , Here we try the simplest PHP flow filter
structure
url?file=php://filter/convert.base64-encode/resource=index.php
It means that the target file index.php Code to base64 Code in the form of , Then the output
Encode the obtained code base64 Decoding can see index.php The code of
Get flag
边栏推荐
- Learn selenium to simulate mouse operation, and you can be lazy a little bit
- P2893 [USACO08FEB] Making the Grade G(dp&优先队列)
- Origin2018 installation and use (sorting)
- Principle of motion capture system
- Huawei issued hcsp-solution-5g security talent certification to help build 5g security talent ecosystem
- 怎麼用MySQL語言進行行列裝置?
- Problèmes rencontrés dans le développement de la GI pour maintenir le rythme cardiaque en vie
- Do280 management application deployment - pod scheduling control
- Apple's self-developed baseband chip failed again, which shows Huawei Hisilicon's technological leadership
- 【Hot100】19. Delete the penultimate node of the linked list
猜你喜欢
数据库系统原理与应用教程(002)—— MySQL 安装与配置:MySQL 软件的卸载(windows 环境)
实现数字永生还有多久?元宇宙全息真人分身#8i
2022 Moonriver global hacker song winning project list
Nuxt. JS data prefetching
Five years after graduation, I became a test development engineer with an annual salary of 30w+
【SQL语句】请问这边为什么select出了两个上海,查询出了不同的count我想让他变成一个上海,count只显示一个总和
Huawei issued hcsp-solution-5g security talent certification to help build 5g security talent ecosystem
独家消息:阿里云悄然推出RPA云电脑,已与多家RPA厂商开放合作
【Hot100】19. 删除链表的倒数第 N 个结点
普通二本,去过阿里外包,到现在年薪40W+的高级测试工程师,我的两年转行心酸经历...
随机推荐
laravel的模型删除后动作
Programming examples of stm32f1 and stm32subeide - production melody of PWM driven buzzer
process. env. NODE_ ENV
Win11如何設置用戶權限?Win11設置用戶權限的方法
Idea start command line is too long problem handling
[JetsonNano] [教程] [入门系列] [三] 搭建TensorFlow环境
Stonedb is building blocks for domestic databases, and the integrated real-time HTAP database based on MySQL is officially open source!
Pico,是要拯救还是带偏消费级VR?
Five years after graduation, I became a test development engineer with an annual salary of 30w+
Problèmes rencontrés dans le développement de la GI pour maintenir le rythme cardiaque en vie
VMware virtual machine failed during startup: VMware Workstation is incompatible with hyper-v
【Hot100】17. Letter combination of telephone number
Tutorial on principles and applications of database system (004) -- MySQL installation and configuration: resetting MySQL login password (Windows Environment)
Comment utiliser le langage MySQL pour les appareils de ligne et de ligne?
StoneDB 为国产数据库添砖加瓦,基于 MySQL 的一体化实时 HTAP 数据库正式开源!
Does 1.5.1 in Seata support mysql8?
Red team Chapter 8: blind guess the difficult utilization process of the package to upload vulnerabilities
Is the programmer's career really short?
Comment win11 définit - il les permissions de l'utilisateur? Win11 comment définir les permissions de l'utilisateur
Défaillance lors du démarrage de la machine virtuelle VMware: le poste de travail VMware n'est pas compatible avec hyper - V...