WeChall_Training: PHP LFI (Exploit, PHP, Training)

Your mission is to exploit this code, which obviously has an LFI vulnerability:

$filename = 'pages/'.(isset($_GET["file"])?$_GET["file"]:"welcome").'.html';
include $filename;

There is a lot of important stuff in ../solution.php, so please include and execute this file for us.

Here are a few examples of the script in action (in the box below):
index.php?file=welcome
index.php?file=news
index.php?file=forums

For debugging purposes, you may look at the whole source again, also as highlighted version.

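Solution:

  Because ".html" is appended to the string, I had no idea how to deal with it, so I searched for a write-up and found that %00 can be used to truncate it. I then tried ?file=../../solution.php%00 and found that the file did not exist; after reading the write-up I found that it is ?file=../../solution.php%00..

Time: 2024-11-03 01:22:34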
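The write-up above depends on a NUL byte cutting off the appended `.html`; PHP has refused paths containing NUL bytes since 5.3.4, but the traversal in the `file` parameter still needs its own fix. The following is an added example, not code from the challenge or the original post, showing a hardened form of the include; the function name `resolve_page`, the constants and the `pages/` directory next to the script are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names: PAGES_DIR, ALLOWED_PAGES and resolve_page() are assumptions.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['welcome', 'news', 'forums']; // the pages named in the challenge text

/**
 * Map the user-supplied "file" parameter to a path inside PAGES_DIR,
 * or return null when the request must be refused.
 */
function resolve_page(?string $requested): ?string
{
    $name = $requested ?? 'welcome';

    // 1. Refuse NUL bytes outright: on old PHP they truncated the path
    //    and silently dropped the ".html" suffix.
    if (strpos($name, "\0") !== false) {
        return null;
    }
    // 2. Allow-list of page names, so "../" never reaches the filesystem.
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    // 3. Defence in depth: canonicalise and confirm the file is under PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $name . '.html');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// In the request handler (sketch): only strings are accepted, and static
// HTML is sent with readfile(), which never executes PHP code in the file.
//   $p = resolve_page(is_string($_GET['file'] ?? null) ? $_GET['file'] : null);
//   if ($p === null) { http_response_code(404); exit; }
//   readfile($p);

// Constructed sample inputs, including the payload shape from the write-up.
$samples = ['welcome', 'news', null, "../../solution.php\0", '../solution', 'news/../../solution.php'];
foreach ($samples as $s) {
    printf("%-40s => %s\n", var_export($s, true), resolve_page($s) ?? 'REFUSED');
}
```

Run from a directory that contains `pages/welcome.html` and `pages/news.html`, the first three samples resolve and the rest are refused.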
