Find and exploit the vulnerability to read the file .passwd .------------- find and exploit this vulnerability to read files .passwd.
assert:
This function is in php language used to judge whether an expression is established. Return true or false;
assert ( mixed $assertion [, string $description ] ) : bool
If the assertion is a string, it will be assert () as PHP code to execute.
After the start of the challenge, just add a little, so that the code error
According to error prompt, stitching payload:
Payload:
%27,%27...%27)%20===false%20and%20%20system(%27cat%20.passwd%27)%20and%20strops(%27