Points: 75points + bonus 30
- Here we can see that there are a lot of pages in this website, verify each and every page for any entry points.
- Run dirbuster and verify the result.
- Then it shows that, there existing a folder named personal but can’t be accessed directly.
- Hmm. There is something special. Find any way to get there.
- The only entry point we can find is contact form. Look into contact page, submit with genuine values, It will redirect to another page which has lfi vulnerability.
- Here, we can try to access the personal/index.php then we get the flag.