0x00 Challenge Analysis
Browsing the site and its About page gives the following information:
Accessing .git/ shows that the directory exists.
Use GitHack to dump the repository, recover the source code, and audit it.
The audit shows:
1. The flag is on the flag page; the goal is to read that page's source.
2. The page parameter is filtered against path traversal, so it is limited to this directory only.
3. A file_exists check determines whether the requested file exists.
0x01 Approach
With the idea clear, there are several ways to read the source:
1. System command execution: cat and similar.
2. PHP function execution: show_source and similar.
3. Packaging the files and downloading them.
The most likely route here is function execution. There is a require_once further down, but the two checks above it rule out a remote include.
Running the code through an automated audit tool:
Clearly the key is the assert function, so I looked it up online.
For an introduction to the function, see:
https://www.douban.com/note/217557007/
My understanding of this function: it executes the expression inside the parentheses, and if that expression does not evaluate to true, it emits a warning.
Testing the function:
When the expression is true there is no message at all.
So, for this challenge:
Pay attention to closing the single quote and the parenthesis. A usable parameter is:
page=1') == (show_source('templates/flag.php'));//
Another one found online:
page=' and die(highlight_file('templates/flag.php')) or '
This one targets the second assert; the resulting statement is:
It executes three expressions, and the "or" in it can be replaced with "and".
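To make the mechanism behind the two payloads concrete, here is an added example in PHP. It is not the challenge's source code; it reconstructs the pattern the writeup describes (the page parameter interpolated into a string that assert() then evaluates as code, which PHP 5.x and 7.x do for string arguments; this was deprecated in 7.2 and removed in 8.0) beside a hardened version that never evaluates user input. The function names, the templates directory and the allowed-name pattern are my assumptions.

```php
<?php
// Added example, not the challenge's own code. Reconstructs the
// assert("...") pattern described in the writeup and shows a safe replacement.

// Vulnerable pattern: returns the string that assert() would evaluate as PHP
// code. Any single quote in $page terminates the string literal, and the rest
// of the parameter is parsed as code, which is what the writeup's payloads use.
function vulnerable_build_check(string $page): string {
    $file = "templates/" . $page . ".php";
    return "strpos('$file', '..') === false";
}

// Hardened version (assumed design): the traversal and existence checks are
// ordinary function calls on the value, so nothing from the request is ever
// evaluated as code, and the resolved path is confined to the templates dir.
function safe_resolve(string $page, string $baseDir): ?string {
    // Accept only a bare template name; this alone rules out quotes and slashes.
    if (!preg_match('/^[a-z0-9_-]+$/i', $page)) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() also returns false for a missing file, so this doubles as
    // the existence check.
    $real = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    // Require the resolved file to sit inside the templates directory.
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Demonstration with a benign value and the first payload from the writeup.
$benign  = "home";
$payload = "1') == (show_source('templates/flag.php'));//";

echo "assert string for benign input:\n  ",
     vulnerable_build_check($benign), "\n";
echo "assert string for the payload:\n  ",
     vulnerable_build_check($payload), "\n";

// Each call returns the resolved path or null; the payload is rejected
// before any filesystem access because it fails the name pattern.
$templates = __DIR__ . '/templates';
var_dump(safe_resolve($benign, $templates));
var_dump(safe_resolve($payload, $templates));
```

Printing the constructed assert string makes the bug visible: with the payload, the quote after `templates/1` closes the literal, the `==` comparison and the `show_source()` call become part of the expression, and the `//` comments out the rest of the original check, so assert() executes the call while evaluating what was meant to be a path test. The hardened version gives an attacker no expression to complete, and on PHP 8 the string form of assert() no longer exists at all.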
0x02 Summary
The magical PHP function assert can be used to write webshells that get past Safedog, though a one-line shell by itself is too simple.
When you have a question, why not ask the magic conch first?
Keep learning~~
[XCTF Carnival Tour] (web) WEB2 assert function