Beginner (萌新) web17

It involves file inclusion. I wanted to use the php:// protocol, but then I noticed that 'php' is filtered.
Therefore, I prepared to use another method -- Log Penetration.

The link within the red rectangle returns the above message, which shows that the value of 'User-Agent' in the HTTP header has been written to the log.
So we can add a one-sentence trojan to the 'User-Agent' value.

Then connect to the server with AntSword.

Get the flag.
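
Seen from the defender's side, the steps above leave two traces in the web server's access log: a PHP open tag inside a request header, and a later request whose parameter points at a log file. The following is an added example (not part of the original write-up) that flags both in combined-format log lines. The sample lines, the parameter name `c` and the log paths are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)
# PHP open tags: <?php, <?= and the short <? form, in any letter case.
PHP_TAG_RE = re.compile(r'<\?(php|=|\s)', re.IGNORECASE)
# Assumed log locations; adjust to the paths the server really uses.
LOG_PATH_RE = re.compile(r'/var/log/|access\.log|error\.log', re.IGNORECASE)

# Constructed sample lines (documentation IP range, harmless payload).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /?c=%2Fvar%2Flog%2Fnginx%2Faccess.log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def classify(line):
    """Return the findings for one access-log line (empty list = clean)."""
    m = LINE_RE.match(line)
    if m is None:
        return ["unparsed"]
    findings = []
    # Header values are logged verbatim, so code planted there is visible here.
    if PHP_TAG_RE.search(m["ua"]) or PHP_TAG_RE.search(m["referer"]):
        findings.append("php-tag-in-header")
    # URL-decode the request target before looking for a log path in it.
    parts = m["request"].split(" ")
    target = unquote(parts[1]) if len(parts) > 1 else ""
    if LOG_PATH_RE.search(target):
        findings.append("log-path-in-request")
    return findings


def suspicious_sources(lines):
    """Return client IPs that both planted a PHP tag and requested a log path."""
    planted, included = set(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue
        findings = classify(line)
        if "php-tag-in-header" in findings:
            planted.add(m["ip"])
        if "log-path-in-request" in findings:
            included.add(m["ip"])
    return planted & included
```
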

