1. Intranet access
Directly access 127.0.0.1/flag.php
2. Pseudo protocol to read files
You can use the file protocol in the php pseudo protocol to
construct the payload: file:///var/www/html/flag.php
flag in the source code
3. Port scan
The dict protocol can be used to detect open ports.
Construct payload dict: //127.0.0.1: port number.
Use burpsuite for blasting. The
open port is 8666
for access.
Get flag