$ cat writeup.md…
hackadvisor
Task: PHP multilingual blogging platform with a language switcher that passes the lang GET parameter directly to include() without sanitization.

Solution: Path traversal LFI (4 levels of ../) to read files, then Apache access log poisoning via User-Agent PHP injection to achieve RCE and read the flag from an environment variable.
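
Both stages of the chain summarized above leave traces in the Apache access log, so they can be detected from it. The following is an added example, not code from the writeup: it assumes the Apache "combined" log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache "combined": host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# A PHP open tag has no business in a User-Agent; it only matters if the log is later include()d.
PHP_OPEN_TAG = re.compile(r'<\?(?:php|=)', re.IGNORECASE)

# Constructed sample lines (documentation addresses, placeholder paths).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?lang=../../../../path/to/file HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:07 +0000] "GET /index.php?lang=..%252F..%252Fx HTTP/1.1" 200 90 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed marker */ ?>"',
]

def lang_is_suspicious(target, param="lang"):
    """True if the language parameter is not a plain name: traversal, absolute path, NUL or wrapper."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, [])
    for value in values:
        for _ in range(3):  # parse_qs decoded once; undo nested percent-encoding too
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        segments = re.split(r'[\\/]', value)
        if '..' in segments or value.startswith('/') or '\x00' in value or '://' in value:
            return True
    return False

def scan(lines):
    """Return (line number, client host, reasons) for every log line that matches a rule."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; a real pipeline would count these
        reasons = []
        if lang_is_suspicious(m['target']):
            reasons.append('lang-traversal')
        if PHP_OPEN_TAG.search(m['agent']):
            reasons.append('php-in-user-agent')
        if reasons:
            findings.append((number, m['host'], reasons))
    return findings
```

A `php-in-user-agent` hit followed by a `lang-traversal` hit from the same client is the sequence to alert on; either rule alone is noisier.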