Pragyan CTF - El33t Articles Hub (Web 200pts)
This challenge sent us to the following page:
After a few attempts at the index.php?file, I opened the source code of the index and I saw a file favicon.php?id=6. It seemed strange, so I changed the id to an X and I got something like this back:
No files named './favicons/x.png', './favicons/x.ico' or './favicons/x.php' found
So I decided to try to search for the index and it worked!
In the index there were two more files:
Looking at the helpers.php code, there was a file indicating the location of the flag:
We could not access this file since it is a txt and favicon.php does not accept txt files.
Going back to the
Looking at the code more calmly, we can see that it is blocking php: and the file of the flag. We need to bypass this; however, by looking more closely at the helpers.php file, it is possible to see that it is being replaced
and `./` by.
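The ordering issue described above (a blocklist check on the raw value, followed by a rewrite that strips `./`), shown next to a hardened lookup. This is an added example, not the challenge's code: helpers.php is not reproduced on this page, so `sanitize_weak`, `resolve_strict`, the `flag_placeholder` name and the sample ids are all assumptions constructed for illustration.

```php
<?php
// Added example. BLOCKED uses a placeholder; the real flag file name is not on the page.
const BLOCKED = ['php:', 'flag_placeholder'];

// Weak order: blocklist check on the raw value, then strip "./".
function sanitize_weak(string $id): ?string
{
    foreach (BLOCKED as $bad) {
        if (stripos($id, $bad) !== false) {
            return null;                     // rejected by the blocklist
        }
    }
    return str_replace('./', '', $id);       // rewrite runs after the check
}

// Hardened: allowlist the id, fix the extensions, confirm the canonical path
// stays inside the favicon directory.
function resolve_strict(string $id, string $baseDir): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $id)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    foreach (['png', 'ico'] as $ext) {       // no .php: icons are served, never included
        $real = realpath($prefix . $id . '.' . $ext);
        if ($real !== false && strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed test directory and inputs.
$dir = sys_get_temp_dir() . '/favicons_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/6.png", 'icon');
foreach (['6', 'flag_placeholder', 'flag_./placeholder'] as $id) {
    printf("%-20s weak=%-20s strict=%s\n", $id,
        var_export(sanitize_weak($id), true),
        var_export(resolve_strict($id, $dir), true));
}
unlink("$dir/6.png");
rmdir($dir);
```

The third input passes the weak blocklist and only becomes the blocked name after the `./` strip, which is why the check has to run on the final, canonical value.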