Web_python_template_injection of the world of attack and defense (web advanced) - Code World

Web_python_template_injection of the world of attack and defense (web advanced)

Enterprise 2023-10-02 22:03:22 views: null

Test point: python template vulnerability

After opening, you see the prompt: python template injection (python template injection)
changes the URL and gets an echo.
Insert image description here
Indicates a vulnerability exists. Pass in the parameter config. Get echo.

No valid messages found. Change the incoming parameters.

It was found that the incoming command "ls" was executed and the file fl4g was found.
Command explanation:

The command effect is to execute the command in the popen() function .
Among them:
1. __ class__ _ : View the class to which the variable belongs
2. __ init __ : Initialize the class and return the function
3. __ globals __: Get the modules, methods and all variables that can be used in the space where the function is located
4. os.popen () Open a pipe from a command

Read fl4g files.
Insert image description here

Guess you like

Origin blog.csdn.net/my_name_is_sy/article/details/125516418

Web_python_template_injection of the world of attack and defense (web advanced)

Web_php_unserialize (web advanced) in the world of attack and defense

Attack and Defense World PHP2 (web advanced)

Training-WWW-Robots in the world of attack and defense (web advanced)

XCTF Attack and Defense World Web

Web Beginner’s Exercise in the World of Attack and Defense

Solution to unserialize3 problem in the advanced area of the Attack and Defense World Web

Attack and Defense World-web2 (NSCTF-WEB)

[Yugong Series] June 2023 Attack and Defense World-Web (blgdel)

【Yugong Series】June 2023 Attack and Defense World-Web（comment）

[Yugong Series] June 2023 Attack and Defense World-Web (upload)

[Yugong Series] June 2023 Attack and Defense World-Web (Triangle)

Command_execution of the world of attack and defense (web is simple)

Attack and defense world xff_referer (web simple)

Get_post of the world of attack and defense (web simple)

Attack and defense world simple_php (web simple)

Common web attack and defense

web common attack and defense

Web Application Attack and Defense

[Yugong Series] June 2023 Attack and Defense World-Web (Web_php_wrong_nginx_config)

【Attack and Defense World】easyphp

[Foolish Old Man Series] May 2023 Attack and Defense World-Web (catcat-new)

Offense and defense in the world web articles

-Web security application security attack and defense -SSRF

How web penetration -xss attack defense

Examples of csrf attack defense in web application scenarios

XSS platform construction for web security attack and defense

Use of SQLmap for Web Security Attack and Defense

Information collection for web security attack and defense

WEB security attack and defense--sql manual injection

Recommended

The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!

Ranking

Getting the basic concepts of ROS + catkin Profile

Spring Learning (2) --- Assembling Beans in the IoC Container

js to get the src attribute of the image regularly

STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud

Short video learning - 3, pandas simple use of pivot_table

Print directory of project configuration log, output log

Understand the difference between vi and vim in Linux in 3 minutes

1 + x certificate Web front-end development HTML5 special exercises

mangodb save and insert the difference

7-1 Family tree processing (50 points) (binary tree solution)

Daily

More

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)