backup: HCTF2018 Warmup Writeup
A easy challenge from HCTF 2018
The original plan was not to give the source code to come. Then I was told that if I didn’t give the source code, it would be impossible for people to solve it. And there was no easy Challenge, so the source code was given.
Okay, the process of solving this Challenge:
First of all, open the website and then look at F12, the comments hinted that there was source.php, a simple php audit, you can find that the problem appears in the following code
1 | $_page = urldecode($page); |
It can be bypassed with %253f, combined with the flag in ffffllllaaaagggg in hint.php (Sorry. Seems like I should have told flag in / in the challenge description)…
backup: HCTF2018 Warmup Writeup
http://aslin.site/2022/03/08/backup-HCTF2018-Warmup-Writeup/