I am playing with the web type of ctf Questions are as follows
<?php
if(!isset($_FILES["file"]))
highlight_file(__file__) && die();
$flag = file_get_contents('/flag');
$node = @`node {$_FILES["file"]["tmp_name"]} 2>&1`;
$python = @`python3 {$_FILES["file"]["tmp_name"]} 2>&1`;
if($flag === $node && $flag === $python)
echo 'Here is your Flag: '.$flag;
else
echo 'Fail :('; ?>
According to program logic, I uploaded two files I wrote using postman form-data, They are test.js and test.py respectively, I want to get the flag file content in the script and compare it with the $flag variable, But I can't get the $node variable and the $python variable to be true at the same time, I can't get the flag, ask for help
It looks to me like you need a single file that parses as valid JS and valid Python at the same time.
Here's the same code twice with Python and Javascript syntax highlighting:
a = 1 // 1 ; b = '''
// Put your Javascript code here.
// Python will just assign it to a string variable
console.log('Javascript running here');
/* '''
# Put your Python code here. Javascript will ignore it
# because it's inside a comment
print('Python running here')
# */
a = 1 // 1 ; b = '''
// Put your Javascript code here.
// Python will just assign it to a string variable
console.log('Javascript running here');
/* '''
# Put your Python code here. Javascript will ignore it
# because it's inside a comment
print('Python running here')
# */