Local File Inclusion
Statement
Get in the admin section.
Analysis
Nothing much to do. Click on any tab.
There is a query. So I guess files is for a directory.
Click on any file on the screen
There is a new query. This time I guess f is for a file.
Let’s do some path traversal
So we can only travel back to one directory.
There it is, admin. But is it a file or a directory? Try both of them; I know it is a directory.
index.php file! Read it.
Check these lines in that file
$realm = 'PHP Restricted area';
$users = array('admin' => 'OpbNJ60xYpvAQU8');
That’s our flag.
The flag is
OpbNJ60xYpvAQU8
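The traversal above works because the viewer joins the files and f parameters onto a base path without checking where the result lands. The following is an added example, not code from the challenge or from this write-up: a PHP resolver that canonicalises the requested path and rejects anything outside the base directory. The function name, the temporary directory layout and the file contents are assumptions constructed for illustration.

```php
<?php
// Added example: confine a file viewer's reads to one base directory.
// The parameter names `files` and `f` come from the write-up; the function
// name, base path and directory layout are assumptions for illustration.

function resolve_inside(string $baseDir, string $dir, string $file): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Vulnerable pattern: readfile($baseDir . '/' . $dir . '/' . $file);
    // a "../" in either parameter walks out of $baseDir.
    $sep = DIRECTORY_SEPARATOR;
    $target = realpath($base . $sep . $dir . $sep . $file);
    if ($target === false || !is_file($target)) {
        return null; // path does not exist, or it is a directory
    }
    // The canonical path must still sit under the base directory. The
    // trailing separator stops "/srv/files-private" matching "/srv/files".
    if (strncmp($target, $base . $sep, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed layout: site/files/docs/readme.txt and site/admin/index.php
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir("$root/site/files/docs", 0700, true);
mkdir("$root/site/admin", 0700, true);
file_put_contents("$root/site/files/docs/readme.txt", "hello\n");
file_put_contents("$root/site/admin/index.php", "<?php // constructed placeholder\n");

$base = "$root/site/files";
var_dump(resolve_inside($base, 'docs', 'readme.txt') !== null);   // file inside the base
var_dump(resolve_inside($base, '../admin', 'index.php'));          // traversal via `files`
var_dump(resolve_inside($base, 'docs', '../../admin/index.php'));  // traversal via `f`
var_dump(resolve_inside($base, 'docs', ''));                       // a directory, not a file
```

Only the first call resolves to a path; the other three return null, so the admin directory is never read through the viewer.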
This post is licensed under CC BY 4.0 by the author.