Web [70 pts]
We first see a page containing text files, when we enter an input, we get directed to a location where there is a vulnerable search parameter.
Originally, we can also do LFI + RCE for this but I did RFI + RCE instead, using Pastebin and the following php code:
Using the above code in a pastebin link gives us this result:
We are interested in the directory “i_wonder_whats_in_here”, so our next payload will cat the contents of that directory:
Using this php payload in our pastebin and ?file= query, we look in page source and see the flag commented out: