当前位置:网站首页>Bugku's file contains
Bugku's file contains
2022-07-01 16:32:00 【Golden silk】
Open the connection
Only this line appears , There is nothing to look at the source code
Click and try
The source code is still nothing
But you can see URL More file It's a kind of reference , Point to show file , Direct access to this file , It's the same as the one above
According to the topic tips ,flag It should be in index.php It's in the code , Exploit the vulnerability contained in the file
There are many file inclusion vulnerabilities , Here we try the simplest PHP flow filter
structure
url?file=php://filter/convert.base64-encode/resource=index.php
It means that the target file index.php Code to base64 Code in the form of , Then the output
Encode the obtained code base64 Decoding can see index.php The code of
Get flag
边栏推荐
- Malaysia's Star: Sun Yuchen is still adhering to the dream of digital economy in WTO MC12
- Share the daily work and welfare of DJI (Shenzhen headquarters) in Dajiang
- 韩国AI团队抄袭震动学界!1个导师带51个学生,还是抄袭惯犯
- 【SQL语句】请问这边为什么select出了两个上海,查询出了不同的count我想让他变成一个上海,count只显示一个总和
- Idea start command line is too long problem handling
- Crypto Daily: Sun Yuchen proposed to solve global problems with digital technology on MC12
- Comment win11 définit - il les permissions de l'utilisateur? Win11 comment définir les permissions de l'utilisateur
- I'm a senior test engineer who has been outsourced by Alibaba and now has an annual salary of 40w+. My two-year career changing experience is sad
- Tutorial on the principle and application of database system (005) -- Yum offline installation of MySQL 5.7 (Linux Environment)
- C#/VB. Net merge PDF document
猜你喜欢
IM即時通訊開發實現心跳保活遇到的問題
SQLServer查询: a.id与b.id相同时,a.id对应的a.p在b.id对应的b.p里找不到的话,就显示出这个a.id和a.p
程序员职业生涯真的很短吗?
How to adjust the color of the computer screen and how to change the color of the computer screen
![[nodemon] app crashed - waiting for file changes before starting... resolvent](/img/ee/9830afd86e092851a2a906cb994949.png)
[nodemon] app crashed - waiting for file changes before starting... resolvent
She is the "HR of others" | ones character
芯片供应转向过剩,中国芯片日产增加至10亿,国外芯片将更难受
Germany if was crowned with many awards. How strong is this pair of headphones? In depth evaluation of yinpo GTW 270 hybrid
【Hot100】17. Letter combination of telephone number
Pico, do you want to save or bring consumer VR?
随机推荐
VMware 虛擬機啟動時出現故障:VMware Workstation 與 Hyper-v 不兼容...
运动捕捉系统原理
Submission lottery - light application server essay solicitation activity (may) award announcement
Action after deleting laravel's model
动作捕捉系统用于苹果采摘机器人
How to use phpipam to manage IP addresses and subnets
Talking from mlperf: how to lead the next wave of AI accelerator
The sharp drop in electricity consumption in Guangdong shows that the substitution of high-tech industries for high-energy consumption industries has achieved preliminary results
Idea start command line is too long problem handling
Germany if was crowned with many awards. How strong is this pair of headphones? In depth evaluation of yinpo GTW 270 hybrid
[nodemon] app crashed - waiting for file changes before starting... resolvent
IM即时通讯开发实现心跳保活遇到的问题
SQLServer查询: a.id与b.id相同时,a.id对应的a.p在b.id对应的b.p里找不到的话,就显示出这个a.id和a.p
Tutorial on the principle and application of database system (003) -- MySQL installation and configuration: manually configure MySQL (Windows Environment)
Pico,是要拯救还是带偏消费级VR?
In the era of super video, what kind of technology will become the base?
制造业数字化转型究竟是什么
How to use MySQL language for row and column devices?
What is the digital transformation of manufacturing industry
Huawei issued hcsp-solution-5g security talent certification to help build 5g security talent ecosystem