CG-CTF(2)

  CG-CTF

  https://cgctf.nuptsast.com/challenges#Web

 

  Continued ~

 

  Q7: Single for Twenty Years

 

  View the source code;

  Flag obtained (cheers~);

 

  This challenge can also be solved by capturing the request with Burp and reading the flag from the response;

  (As for why, it has to do with hand speed; think about it and you will understand...);

 

  Q8: php decode

 

  Analysis: start from the decoding code. It defines a function CLSI(), which uses base64_decode() to decode the BASE64-encoded string and gzinflate() to decompress it, then loops over the string, replacing each character according to its ASCII code, and returns the result. The eval() function executes a string as PHP code;

  Idea: simply echo the result to print it out;

  Flag obtained (cheers~);

 

  Q9: File inclusion

 

  View the source code;

  Analysis: ?file=show.php is clearly a file inclusion vulnerability, and I have done a similar file inclusion problem in PTE before. The flag should be hidden in the PHP code, for example inside a comment, so it does not show up. The idea is therefore to read the contents of the PHP file directly instead of letting the code execute;

  Idea 1: construct a URL that uses PHP's wrapper protocol php:// and base64-encodes the file content, so that the PHP code is not executed and we can read the encoded content;

  The flag is then obtained by decoding (cheers~);

 

  Idea 2: construct the URL, this time using another built-in PHP wrapper, php://input, then capture the packet with Burp and try to read the file with the readfile() function;

  This turned out not to succeed;

 

  Looking back at the code decoded earlier, I found that input is filtered...;

 

  Q10: Single for One Hundred Years Is Useless

 

  Click the link;

  Analysis: the page source contains no information; as with the "Single for Twenty Years" challenge, the request probably needs to be captured with Burp;

  After capturing and sending the packet, the flag was found in the response header (cheers~);

 

  Q11: Download~!

 

  Emmm, the challenge is gone, skip;

 

  Q12: COOKIE

 

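  Analysis: there is nothing on the page. The challenge is titled Cookie and the hint is 0==not, so it looks like the 0 in the Cookie should be changed to 1. Try it: capture the packet with Burp and modify the Cookie;

  Change Login=0 to Login=1 and the flag is obtained (cheers~);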

 

  Q13: MYSQL

 

  First, learn what robots.txt is;

  https://baike.baidu.com/item/robots%E5%8D%8F%E8%AE%AE?fr=aladdin&fromtitle=robots.txt

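  View robots.txt;

  Analysis: it gives another hint: sql.php, and that id must not equal 1024;

  Idea: the intval() function returns the integer value of a variable, so we can infer that $id should be 1024, but the id we submit cannot be 1024. Try constructing an id with a decimal part: 1024.1;

  Flag obtained (cheers~);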
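
  The mismatch behind Q13, as an added example that is not the challenge's own code: the deny rule inspects the raw input while the lookup uses intval(), shown beside a version that converts once and checks the converted value. The function names and the in-memory ROWS table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the challenge's table (assumption).
const ROWS = [1 => 'public row', 1024 => 'restricted row'];

function fetch_row(int $id): string
{
    return ROWS[$id] ?? 'no such row';
}

// Weak pattern: the deny rule inspects the raw string, while the lookup
// uses intval(), which truncates "1024.1" to 1024.
function lookup_weak(string $raw): string
{
    if ($raw == 1024) {               // numeric compare: 1024.1 != 1024
        return 'denied';
    }
    return fetch_row(intval($raw));
}

// Hardened pattern: accept only plain decimal integers, convert once,
// and apply the deny rule to the same value that reaches the lookup.
function parse_id(string $raw): ?int
{
    return preg_match('/^[0-9]{1,9}$/D', $raw) === 1 ? (int) $raw : null;
}

function lookup_hardened(string $raw): string
{
    $id = parse_id($raw);
    if ($id === null) {
        return 'invalid id';
    }
    if ($id === 1024) {
        return 'denied';
    }
    return fetch_row($id);
}

foreach (['1', '1024', '1024.1', 'abc'] as $raw) {   // constructed inputs
    printf("%-8s weak=%-15s hardened=%s\n", $raw, lookup_weak($raw), lookup_hardened($raw));
}
```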

 

  To be continued~


Origin www.cnblogs.com/Dio-Hch/p/11837080.html