image-20250322150905074

[!IMPORTANT]

0x01

访问靶场,回显源码

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

<?php

/*
# -*- coding: utf-8 -*-
# @Author: Lazzaro
# @Date:   2020-09-05 20:49:30
# @Last Modified by:   h1xa
# @Last Modified time: 2020-09-07 22:02:47
# @email: h1xa@ctfer.com
# @link: https://ctfer.com

*/

// 你们在炫技吗?
if(isset($_POST['c'])){
        $c= $_POST['c'];
        eval($c);
}else{
    highlight_file(__FILE__);
}

0x02

post传参c=print_r(scandir('./'));查看当前目录

image-20250322151752244

base64_php伪协议查看flag.php

image-20250322152209416

解码后发现被晃飞了

image-20250322152235585

目录扫描扫扫其他地方试试,发现flag.txt

image-20250322152415364

伪协议编码查看flag.txt

image-20250322155025669

解码后获得flag