BUUCTF-[ACTF2020 Freshman Competition] BackupFile


Challenge

[screenshot: challenge description]

Solution

Open the challenge instance:

[screenshot: challenge page]

The page tells us to try to find the source file.

View the source code of the web page:

[screenshot: page source]

Nothing useful is found there.

Following the challenge hint, we can brute-force the directory to gather information, check whether /index.php responds, and look for a backup copy of the page's source left on the server.

Try accessing /index.php:
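The backup-file hunt described above, written out as an added example (not code from the write-up or from BUUCTF): it builds a wordlist of common backup and editor-leftover names for a known file and probes each with a HEAD request. The suffix list and the extra archive names are an assumed, typical wordlist; the challenge only confirms that index.php.bak existed. Tools such as dirsearch or ffuf do the same thing at scale, but the logic is worth seeing once.

```php
<?php
// Added example (not from the write-up): build a list of likely backup and
// editor-leftover names for a known file, then probe each with a HEAD request.
// The suffix list and the archive names are an assumed, typical wordlist.
declare(strict_types=1);

function backup_candidates(string $file): array
{
    $base = pathinfo($file, PATHINFO_FILENAME);     // "index" for "index.php"
    $suffixes = ['.bak', '.bak2', '.backup', '.old', '.orig', '.save', '.swp', '.txt', '~'];
    $archives = ['.zip', '.tar.gz', '.tgz', '.rar', '.7z'];

    $out = [];
    foreach ($suffixes as $s) {
        $out[] = $file . $s;                        // index.php.bak, index.php~ ...
    }
    foreach ($archives as $a) {
        $out[] = $file . $a;                        // index.php.zip
        $out[] = $base . $a;                        // index.zip
    }
    $out[] = '.' . $file . '.swp';                  // vim swap file: .index.php.swp
    $out[] = '.' . $file . '.swo';
    $out[] = '#' . $file . '#';                     // emacs auto-save: #index.php#
    // whole-site dumps and VCS metadata are worth one request each
    foreach (['www.zip', 'web.zip', 'backup.zip', 'wwwroot.zip', '.git/HEAD', '.svn/entries'] as $g) {
        $out[] = $g;
    }
    return array_values(array_unique($out));
}

// Returns the HTTP status code for base/path, or null if the request failed.
function probe(string $base, string $path): ?int
{
    // encode each segment separately so '#' is sent as %23 but '/' is kept
    $encoded = implode('/', array_map('rawurlencode', explode('/', $path)));
    $ctx = stream_context_create(['http' => [
        'method'        => 'HEAD',
        'ignore_errors' => true,   // still return headers for 4xx/5xx instead of false
        'timeout'       => 5,
    ]]);
    $result = @file_get_contents(rtrim($base, '/') . '/' . $encoded, false, $ctx);
    if ($result === false || empty($http_response_header)) {
        return null;
    }
    // first header line looks like "HTTP/1.1 200 OK"
    return preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m) ? (int) $m[1] : null;
}

$target = $argv[1] ?? null;   // usage: php probe.php http://host:port [index.php]
foreach (backup_candidates($argv[2] ?? 'index.php') as $candidate) {
    if ($target === null) {
        echo $candidate, "\n";   // no target given: just print the wordlist
        continue;
    }
    $code = probe($target, $candidate);
    if ($code !== null && $code !== 404) {
        printf("%3d  %s\n", $code, $candidate);   // 200, 403, 302 ... all deserve a look
    }
}
```

Run it with no arguments to get the wordlist for feeding into another tool, or with the instance URL to probe directly. A 403 on a backup name is as interesting as a 200: it means the file exists and only the web server's rules are keeping it from being served.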

[screenshot: /index.php]

It is accessible and renders normally.

Next, visit /flag.php to see whether it exists:

[screenshot: /flag.php]

It can be accessed but returns nothing, which suggests the source code gates the output behind some condition or filter.

Next we look for a backup of the site's source. A common guess is /index.php.bak, so try accessing it.

The browser offers the backup file as a download:

[screenshot: download prompt for index.php.bak]

After downloading it, open it in a text editor and the source code is revealed:

[screenshot: index.php.bak source]

Analysing the source, the key parameter is checked with is_numeric() and then compared with PHP's loose comparison operator (==); the is_numeric() check is the crux.

PHP has two equality operators, == and ===.

=== (identity) first checks that the two operands have the same type, and only then compares their values.

== (loose equality) first converts the operands to a common type, then compares them.

Type-conversion rules for ==

1. When a string is compared with a number, the string is converted to a number.
For example, "root" == 0 is true: "root" is not a numeric string, so the conversion fails and yields 0, and 0 == 0.

2. For a string that starts with digits followed by other characters, only the leading numeric part is used.
For example, "123root" == 123 and "2goodyou" == 2 are both true.

These rules describe PHP 7 and earlier, which is the behaviour the rest of this write-up relies on. PHP 8.0 changed number-to-string comparison: when the string is not numeric, the number is converted to a string and the two are compared as strings, so "root" == 0 and "123root" == 123 are both false on PHP 8.

The is_numeric() function checks whether a variable is a number or a numeric string. It returns TRUE if the variable is a number or a numeric string (digits, optionally with a sign, decimal point or exponent, such as "123", "1.5" or "1e3"), and FALSE otherwise; a string such as "123root" fails the check.
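To see the is_numeric() gate and the == comparison interact, here is an added example that is not the challenge's index.php (that file only appears as a screenshot above). It models the check the write-up describes: key must pass is_numeric(), is then treated as a number, and is compared with == against a string whose leading characters are digits. The secret value and the intval() step are assumptions made for the demonstration, and the hardened form beside it uses hash_equals() for an exact, constant-time match.

```php
<?php
// Added example, not the challenge's own source. Models: is_numeric() gate,
// key treated as an integer (assumed intval step), then int == string.
// SECRET is a constructed stand-in for $str; it only needs to start with "123".
declare(strict_types=1);

const SECRET = '123constructed_not_the_real_str';

// The vulnerable shape: numeric gate + loose comparison.
function weak_check(string $key): bool
{
    if (!is_numeric($key)) {
        return false;                // non-numeric input is rejected
    }
    $n = intval($key);               // assumed: key handled as an integer from here on
    return $n == SECRET;             // int == string: PHP 7 converts the string, PHP 8 the int
}

// The hardened shape: same type on both sides, exact match, no type juggling.
function strict_check(string $key): bool
{
    return hash_equals(SECRET, $key); // === semantics plus constant-time comparison
}

// Loose comparison of an int with a string, isolated so the version difference is visible.
function loose_int_vs_string(int $n, string $s): bool
{
    return $n == $s;
}

printf("PHP %s\n", PHP_VERSION);
foreach (['123', '123.0', '0123', ' 123', '122', '123abc', 'abc'] as $key) {
    printf("key=%-9s is_numeric=%-5s weak=%-5s strict=%s\n",
        var_export($key, true),
        var_export(is_numeric($key), true),
        var_export(weak_check($key), true),
        var_export(strict_check($key), true));
}
foreach ([[0, 'root'], [123, '123root'], [2, '2goodyou'], [123, '123']] as [$n, $s]) {
    printf("%d == %s : %s\n", $n, var_export($s, true),
        var_export(loose_int_vs_string($n, $s), true));
}
```

On PHP 7, weak_check() returns true for "123", "123.0", "0123" and " 123" (all numeric strings whose integer value is 123) and false for "122", "123abc" and "abc"; strict_check() is false for every one of them because none equals the full secret. On PHP 8 every weak_check() call is false as well, because 123 == "123constructed..." now compares the strings "123" and "123constructed...", which is exactly the rule change noted above. The fix is not to pick a better secret but to stop comparing a user-controlled value with ==.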

Look at the string assigned to $str in the source and the if statement that gates the output: key must pass is_numeric() and then loosely equal $str. By rule 2 above, a number that matches the leading digits of $str satisfies both conditions, so we can construct the payload as:

/index.php?key=123

[screenshot: flag output]

This gives the flag:

flag{73b7db44-cd8f-4f2c-958f-9492738f0fdd}

If anything in this article is wrong, criticism and corrections are welcome!

Source: blog.csdn.net/rumil/article/details/131430484