LFI

Posted on 2017-08-22 | Edited on 2017-10-12 |

PHP LFI

坑点是后面会加一个.html

这里的思路是加一个%00

Everything after the null byte will be deleted.

太帅了=_^

好像就是传说中的 Null Byte Injection ？

http://www.wechall.net/challenge/training/php/lfi/up/index.php?file=../../solution.php%00

Post author: Ir1d
Post link: https://ir1d.cf/2017/08/22/ctf/LFI/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.