Website source code
Enter the environment. First we use Burp Suite to capture the request.
Add two payload positions after GET / in the HTTP request line, one to brute-force the file name and one to brute-force the suffix.
We learn that the backup of the webpage source code is www.zip, and download it.
Open the text file in the archive.
We find this.
You can get the flag by accessing the URL.
Bak file
Open the environment. We check the source code and find that the backup file has the bak suffix. We know that the flag is in index.php, so we try index.php.bak.
Download and open the file, and we get the flag.
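
The defender's side of both challenges, as an added example that is not part of the original write-up: a Python audit that walks a web root and reports the two kinds of leftover seen above, a source archive such as www.zip and a source copy such as index.php.bak. Only www, zip and bak come from the write-up; the other names and suffixes in the lists, and the function names, are assumptions.

```python
import os

# Assumed lists: only "www", "zip" and "bak" come from the write-up; the rest
# are common backup names and suffixes added for illustration.
ARCHIVE_NAMES = {"www", "web", "website", "backup", "back"}
ARCHIVE_SUFFIXES = {"zip", "rar", "tar", "tar.gz"}
COPY_SUFFIXES = {"bak", "old", "swp", "orig"}
SOURCE_SUFFIXES = {"php", "jsp", "asp", "aspx", "py"}


def classify(filename):
    """Return why a file name looks like a leftover backup, or None."""
    lower = filename.lower()
    stem, _, rest = lower.partition(".")
    if stem in ARCHIVE_NAMES and rest in ARCHIVE_SUFFIXES:
        return "source archive"
    parts = lower.split(".")
    # index.php.bak: a source file with a backup suffix appended, so the
    # server returns it as plain text instead of executing it.
    if (len(parts) >= 3 and parts[-1] in COPY_SUFFIXES
            and parts[-2] in SOURCE_SUFFIXES):
        return "source file copy"
    return None


def audit_docroot(docroot):
    """Walk docroot and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_docroot(root):
        print(f"{reason}: {path}")
```

Run it against the deployed document root before release; any finding is a file the web server will hand out as a download.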