SSRF Me
hint:flag is in ./flag.txt
拿到题目打开即是源码
右键查看页面源码,发现是用 Flask 写的代码,其中有一个 Task 类和三个路由
接下来分析一下三个路由
# Generate the signature for the "scan" action.
@app.route("/geneSign", methods=['GET', 'POST'])
def geneSign():
    """Return the signature for the fixed "scan" action over the caller's ``param``.

    ``param`` is read from the query string and defaults to "" when absent.
    It is percent-decoded once more and then handed to ``getSign`` together
    with the hard-coded action.

    Security notes:
    * No authentication or validation of ``param`` is visible in this
      function, so the route returns a signature for whatever value the
      caller supplies.
    * Flask has already percent-decoded ``request.args``; ``urllib.unquote``
      decodes the value a second time, so a doubly-encoded input arrives
      decoded here even if a filter in front only saw the encoded form.
    * NOTE(review): ``getSign`` is defined elsewhere. Confirm that it keeps
      ``action`` and ``param`` unambiguously separated in what it signs and
      that it uses a keyed MAC such as HMAC -- TODO verify.
    """
    raw_param = request.args.get("param", "")
    # The action is fixed on this route; the caller cannot choose it.
    return getSign("scan", urllib.unquote(raw_param))
@app.route('/De1ta',methods=['GET','POST'])
def challenge():
action = urllib.unquote(request.cookies.get("action"))
param = urllib.unquote(request.args.get("param", ""))
sign = urllib