Byte Bandits CTF - R3M3MB3R Writeup
The following page was given by the task:
Without second thoughts, it’s clear this is about an LFI so I took the straightforward approach:
The source code of
eg.php had nothing useful, so I tried
index.php instead and found a filter.
After some attempts on getting the
index.php source code without success, I decided to try other ways, like Apache’s logs.
Some hours went by and the log infecction attempts were unsuccessful, because the URLs in the log files where URL encoded. Then an idea on trying to infect the log files through the
User-agent came up, via “Alisson Bezerra”.
And that worked…