Fileview

Web [70 pts]


We first see a page containing text files, when we enter an input, we get directed to a location where there is a vulnerable search parameter.

https://file_viewer.tjctf.org/reader.php?file=lmao

Step 1


Originally, we can also do LFI + RCE for this but I did RFI + RCE instead, using Pastebin and the following php code:

Using the above code in a pastebin link gives us this result:

Step 2


We are interested in the directory “i_wonder_whats_in_here”, so our next payload will cat the contents of that directory:

Using this php payload in our pastebin and ?file= query, we look in page source and see the flag commented out:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s