Filtering through the code | Notion

We are provided the source code and we can see that:

Exploiting with `php://filter`

php://filter is a built-in PHP stream wrapper.

Think of it like this:

PHP treats both as valid inputs to include().
- A normal file path:
```
index.php
```
- —OR— A stream wrapper path:
```
php://filter/...
```

This is a very common technique that allows for LFI (Local File Inclusion)

We can read the php source code (base64 encoded) and view the flag by passing the correct php://filter resource location in as a GET parameter. (page=somevalue)

<http://sem2ctf.icsi.cyber:3444/?page=php://filter/convert.base64-encode/resource=index.php>

Copy that value, base64 decode, and you’ll find the flag in the php code.