Include

Challenge details

Solution

Clicking on the link redirected us to a new tab. The content was pretty straight forward. Since the author mentioned that it's not a phishing link, I decided to click on it :)

New content was shown. The file parameter in the URL address bar immediately caught my attention. It's a classic LFI vulnerability for sure. The location of the flag was mentioned in the description. Let's include that as our parameter value.

And we got the flag.

Flag

GCTF2023{LFI_1nclud3_1s_d4ng3rous}