Test point: url encoding and decoding
Ideas:
1. Open the interface and find nothing.
2. Scan the background and find two pages: index.php index.php2
3. There is no content in index.php.
In index.phps, you see prompt
4. Read the code, which means that the value of the incoming parameter id cannot be "===" admin, but the decoded value of the url is "==" admin.
5. Because the browser will automatically decode the URL once, we need to encrypt it twice here.
admin --> %61dmin (a is encrypted).
%61dmin–>%2561dmin (% is encrypted)
6. Write the url and return the flag.
The flag is in index.php, not index.phps.