Tags: web lfi
Rating:
## 60 - Programmable Hyperlinked Pasta - Web
> Written by nthistle
>
> Check out my new site! PHP is so cool!
>
> programmable_hyperlinked_pasta.tjctf.org
Just check the source:
```html
<body>
<div id="main-block">
<h1> Neil's Site! </h1>
I'm Neil, and this is my site. I work here with my good friends Evan and Aneesh. Everything on here has a story and a price. One thing I've learned after 18 years - you never know what is gonna get you that flag.
<div id="footer">
Now in Spanish!</div>
</body>
```
There is a `flag.txt` somewhere and a url `?lang=es.php` that looks LFI injectable.
So just run https://programmable_hyperlinked_pasta.tjctf.org/?lang=../flag.txt and get the flag: `tjctf{l0c4l_f1l3_wh4t?}`.
