A. Into the test environment
Tip 1. After we enter into the domain: try to enter baidu.com, but no response
2. enter 127.0.0.1, show the results of a ping, the pipe may be used to guess whether the command.
Enter 127.000.1 | ls, really useless, guess should be filtered.
According Gangster approach:
3. Enter @ found not filtered.
Try to enter the url of the wide character, such as%bf,返回一堆代码,应该是报错的信息。
So much so read on the code does not work, we will save it as a suffix to the .html file, and then open it
The same will return code, save it to html and then open the inside:
You can find some sensitive information and database-related, where we can @
read the contents of the documents, we construct @ / opt / api / database.sqlite3, get flag.