Writeup Music Shop (bioterra ctf)

This is a basic RFI challenge. Starting with the front-end website, we can see the header has four menu items: Home, MUSIC PLAYER, MUSIC VIDEOS, CONTACT.

Home and Contact contain nothing of interest, and Music Videos only redirects to a YouTube channel.

So the Music Player page is where we should look.

First, we need to understand how it works.

The page uses this JavaScript; let's check the updateSource function.

The HTML5 audio player downloads the music file from that source when we click on the picture.

Following the link, we can leak something.

success!! ^.^

Now we can leak source code. The robots file shows the backend is in admin/.

So let's try to leak index.php.

And the flag is in config.php.

have fun!

