Key points
- SSRF
- nginx configuration file
- CVE-2019-10160: urlsplit NFKD normalization vulnerability
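An added example (not part of the challenge source) of the normalization mismatch behind the last item: a host check on the raw parsed hostname next to one done after compatibility normalization. The names `parsed_host`, `naive_is_blocked`, `check_host` and the sample URLs are constructed for illustration; NFKC is assumed here because it is the form Python's `idna` codec applies.

```python
import unicodedata
from urllib.parse import urlparse

BLOCKED_HOST = "suctf.cc"    # host the challenge code compares against
DELIMITERS = set("/?#@:")    # characters that carry URL structure


def parsed_host(url):
    """Hostname as urlparse sees it, or None if the URL is refused."""
    try:
        return urlparse(url).hostname
    except ValueError:
        # Patched Python refuses a netloc that normalizes to a delimiter.
        return None


def naive_is_blocked(url):
    """Comparison on the raw parsed hostname, as in the challenge source."""
    return parsed_host(url) == BLOCKED_HOST


def check_host(url):
    """Return 'blocked', 'reject' or 'allow' after NFKC-normalizing the host."""
    raw = parsed_host(url)
    if not raw:
        return "reject"
    norm = unicodedata.normalize("NFKC", raw).lower()
    if norm != raw and DELIMITERS & set(norm):
        # Normalization would change how the URL splits: never forward it.
        return "reject"
    return "blocked" if norm == BLOCKED_HOST else "allow"


# Constructed sample URLs (not taken from the page).
SAMPLES = [
    "http://suctf.cc/",
    "http://\uff53uctf.cc/",        # U+FF53 FULLWIDTH LATIN SMALL LETTER S
    "http://example.com\uff0fx/",   # U+FF0F FULLWIDTH SOLIDUS
    "http://example.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(ascii(u), naive_is_blocked(u), check_host(u))
```

The second sample passes the raw comparison but is caught once the hostname is normalized, which is the form later URL handling may end up using.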
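Challenge source
from flask import Flask, request
from urllib import parse

app = Flask(__name__)

@app.route('/getUrl', methods=['GET', 'POST'])
def getUrl():
    url = request.args.get("url")
    host = parse.urlparse(url).hostname  # parse out the hostname
    if host == 'suctf.cc':
        return "我扌 your problem? 111"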