I'm new to programming, and I'm sorry if this is a really obvious question, which I think it is. I'm participating in a beginner CTF event, and I managed to find the following PHP code for a website:
The way to get the flag is to input a valid filename into an HTML input on the website. Does anyone know a vulnerability which would allow me to insert '/flag.txt', which is where the flag is?
PHP:

    // Refuse any filename whose first character is '/'
    $firstChar = $_POST['filename'][0];
    if (strcmp($firstChar, '/') == 0) {
        echo "Not Authorized";
    } else {
        // Otherwise print the file line by line if it exists
        if (file_exists($_POST['filename'])) {
            $file = fopen($_POST['filename'], 'r');
            while (!feof($file)) {
                $line = fgets($file);
                echo $line . "\n";
            }
            fclose($file);
        } else {
            echo "File does not exist";
        }
    }
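The posted check looks only at the first character of the submitted string, while `fopen()` acts on whatever path that string resolves to. As an added example (not part of the original post), a hardened form of the same read resolves the name with `realpath()` and serves it only if the canonical path lies inside one allowed directory. The function name, directory layout and sample files are assumptions constructed for the demo, and the symlink case assumes a POSIX system.

```php
<?php
// Added example, not from the original post. read_allowed_file() and the
// demo directory layout are hypothetical names chosen for illustration.

function read_allowed_file(string $baseDir, string $name): ?string
{
    // Canonicalise the allowed directory; realpath() returns false if missing.
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }

    // Always resolve the name relative to the base, then canonicalise:
    // symlinks and relative segments are resolved before any comparison.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }

    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as "public-old" from matching the base "public".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    $data = file_get_contents($resolved);
    return $data === false ? null : $data;
}

// Constructed demo data: one permitted file, one file outside the base, and
// a symlink inside the base that points at the outside file (POSIX assumed).
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
$base = $root . '/public';
mkdir($base, 0700, true);
file_put_contents($base . '/notes.txt', "hello\n");
file_put_contents($root . '/secret.txt', "outside\n");
symlink($root . '/secret.txt', $base . '/link.txt');

foreach (['notes.txt', 'link.txt', $root . '/secret.txt'] as $name) {
    $data = read_allowed_file($base, $name);
    echo $name, ' => ', $data === null ? 'rejected' : 'served', "\n";
}
```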