Carthagods - 496pts (third blood) Introduction This is a writeup about the carthagods web exploitation challenge from the 3k CTF 2k20. It’s a sayefi writeup, so not that much of explaining all the little details and stuff. Hope you enjoy.
Description TL;DR Leak the parameter name used to include files Get some informations about configurations with the given info.php that calls phpinfo() function. Read the flag from the caching system (Zend Opcache) located at /var/www/cache/ Overview We are presented with a page that has some choices that turned out they are file names located in the thecarthagods directory.