Retrieve the administrator password of this application.
To introduce file contains ------------ first need to link Google
https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601
https://chybeta.github.io/2017/10/08/php%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/
As used herein php: // filter pseudo-protocol:
payload:
http://challenge01.root-me.org/web-serveur/ch12/?inc=php://filter/convert.base64-encode/resource=login.php
After reading the contents of login.php base64 decryption:
According to another php code, read the contents of config.php file: