Bite

So, let's go to one of the pages, Bit for example.

We'll see the url http://jh2i.com:50010/?page=bit

?page= imlies some form of LFI may be possible, as it looks like the specified page is imported into the template. So, let's go ahead and try http://jh2i.com:50010/?page=/etc/passwd

We'll find it gives an error about /etc/passwd.php not existing. This tells us it appends .php to the end of the page parameter and includes it.

Tony told me that a null byte causes the .php to become redundant as the null byte will terminate the string.

http://jh2i.com:50010/?page=/etc/passwd%00 works, displaying /etc/passwd.

So I took a guess and tried /flag.txt%00 and that gave the flag.

Flag: flag{lfi_just_needed_a_null_byte}

PreviousLightweight Contact Book NextLadybug

Last updated 5 years ago

Was this helpful?

hashtagFlag: flag{lfi_just_needed_a_null_byte}

Flag: flag{lfi_just_needed_a_null_byte}