Test point: python template vulnerability
After opening the challenge, you see the prompt: python template injection.
Changing the URL gets an echo of the input.
This indicates that a vulnerability exists. Passing in the parameter config also gets an echo.
No useful information was found in it, so change the parameter passed in.
The passed-in command "ls" was executed, and the file fl4g was found.
Command explanation:
The effect of the command is to execute the command passed to the popen() function.
Among them:
1. __class__: View the class to which the variable belongs
2. __init__: Initialize the class and return the function
3. __globals__: Get the modules, methods and all variables that can be used in the space where the function is located
4. os.popen(): Open a pipe from a command
Read the fl4g file.
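
A defender-side check for the chain explained above, as an added example that is not part of the original write-up: it scans request targets for the four names listed in the command explanation after undoing repeated percent-encoding. The function names, the threshold of two indicators and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Names taken from the command explanation in the write-up.
INDICATORS = ("__class__", "__init__", "__globals__", "popen")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %255f%255f still becomes __."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_indicators(request_target):
    """Return the indicator names present in a request target."""
    text = fully_decode(request_target).lower()
    # Drop whitespace so spaced-out variants of a name still match.
    text = re.sub(r"\s+", "", text)
    return [name for name in INDICATORS if name in text]


def is_suspicious(request_target, threshold=2):
    """One name alone is common in benign URLs, so require several
    (threshold is an assumed tuning value)."""
    return len(find_indicators(request_target)) >= threshold


# Constructed sample request targets (not taken from the challenge).
SAMPLE_REQUESTS = [
    "/index?name=alice",
    "/docs/python/__init__.py",
    "/page/x.__class__.__init__.__globals__",
    "/page/x.%255f%255fclass%255f%255f.%5f%5finit%5f%5f",
    "/search?q=popen+example",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        flag = "ALERT" if is_suspicious(target) else "ok"
        print(f"{flag:5} {target} {find_indicators(target)}")
```

A match is a signal for review, not proof of exploitation; the fix on the application side is to pass user input to the template as data instead of rendering it as template source.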