- PHP SSTI (server-side template injection)
- Open the challenge and you see a nicely designed page
- You can't help but click Flag
- It tells you your IP address, but it doesn’t seem to be my IP address, right?
- Then I clicked HINT
- Looked at the page source and found nothing, so I looked at a writeup (wp)
- Found that X-Forwarded-For is the odd part
- Capture the request and add X-Forwarded-For: {{127.0.0.1}}
- Using what I learned from Python template injection, messed around a few times:
{system("ls /")}
{system("cat /flag")}
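
The defensive side of the steps above, as an added example that is not part of the original post. It assumes the page builds its template source from the X-Forwarded-For header; the function names, the proxy address and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed vulnerable pattern (not shown on the page): the header is
// concatenated into the template source, so braces are parsed as tags:
//   $tpl->display('string:' . $_SERVER['HTTP_X_FORWARDED_FOR']);

/**
 * Return a validated client IP. X-Forwarded-For is client-controlled unless
 * the connected peer is a proxy we operate, so it is only read when
 * $remoteAddr is trusted, and every entry must parse as an IP literal.
 */
function resolve_client_ip(?string $xff, string $remoteAddr, array $trustedProxies): string
{
    if ($xff === null || !in_array($remoteAddr, $trustedProxies, true)) {
        return $remoteAddr;
    }
    // Walk right to left: the right-most entries were appended by our proxies.
    foreach (array_reverse(explode(',', $xff)) as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            return $remoteAddr;   // malformed entry: distrust the whole header
        }
        if (!in_array($candidate, $trustedProxies, true)) {
            return $candidate;    // first hop that is not one of our proxies
        }
    }
    return $remoteAddr;
}

/** Render the IP as escaped data, never as template source. */
function render_ip_line(string $ip): string
{
    return 'Your IP is: ' . htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests: [X-Forwarded-For value, connecting peer].
$proxies = ['10.0.0.5'];
$samples = [
    ['203.0.113.7',   '10.0.0.5'],     // normal proxied request
    ['{{127.0.0.1}}', '10.0.0.5'],     // template syntax in the header
    ['203.0.113.7',   '198.51.100.9'], // header sent by an untrusted peer
];
foreach ($samples as [$xff, $peer]) {
    echo render_ip_line(resolve_client_ip($xff, $peer, $proxies)), PHP_EOL;
}
```

With these samples the second request falls back to the peer address 10.0.0.5 because the header does not parse as an IP, and the third ignores the header entirely because the peer is not a trusted proxy.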
BUUCTF The mystery of ip
Origin blog.csdn.net/CyhDl666/article/details/114371798