{"height":"190","blog_url":"https://blog.hamayanhamayan.com/","version":"1.0","author_url":"https://blog.hatena.ne.jp/hamayanhamayan/","type":"rich","image_url":null,"categories":["Security"],"width":"100%","title":"HackTM CTF 2023 Writeup","url":"https://blog.hamayanhamayan.com/entry/2023/02/19/211851","provider_name":"Hatena Blog","description":"[web] Blog [web] Blog \u30d5\u30e9\u30b0\u306f/02d92f5f-a58c-42b1-98c7-746bbda7abe9/flag.txt\u306b\u3042\u308a\u3001LFI\u3092\u3059\u308b\u306e\u304c\u6700\u7d42\u76ee\u6a19\u3002 \u307e\u305a\u3001\u76ee\u3092\u5f15\u304f\u306e\u304cindex.php\u306e\u4ee5\u4e0b\u306e\u90e8\u5206\u3002 $user = unserialize(base64_decode($_COOKIE[\"user\"])); \u660e\u3089\u304b\u306b\u30d0\u30c3\u30c9\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3067\u3042\u308a\u3001Unsafe Deserialization\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u4efb\u610f\u306eUser\u30af\u30e9\u30b9\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u751f\u6210\u53ef\u80fd\u3067\u3042\u308b\u3002 \u3069\u306e\u3088\u3046\u306a\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u4f5c\u308c\u3070LFI\u3067\u304d\u308b\u3060\u308d\u3046\u304b\u3068\u3044\u3046\u306e\u3092\u8003\u3048\u308b\u3068\u3001util.php\u306eProfile\u30af\u30e9\u30b9\u306b \u2026","blog_title":"\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093","provider_url":"https://hatena.blog","published":"2023-02-19 21:18:51","author_name":"hamayanhamayan","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fblog.hamayanhamayan.com%2Fentry%2F2023%2F02%2F19%2F211851\" title=\"HackTM CTF 2023 Writeup - \u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>"}