Tags: lfi web picoctf sqli
Rating: 0
Use the filter + base64 LFI method to leak source code. Then, we see that we can still force the application to deserialize the legacy version of the cookie, which is still vulnerable. With a sqli on the cookie, you can figure out the flag character by character.