[BJDCTF2020]The mystery of ip

1. Clicking "flag" displays the client IP, which is probably taken from the X-Forwarded-For header; clicking the hint link above gives a prompt


2. Capture a request and add an X-Forwarded-For header; since the header value is rendered back into the page, there may be template injection


3. Change the IP to , and the page returns 49: the expression was evaluated, so there really is a Smarty template-engine injection (https://blog.csdn.net/qq_45521281/article/details/107556915)


4. Injection payload


Sending X-Forwarded-For: {{system('cat /flag')}} directly returns the flag

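As an added example (not code from the original write-up or the challenge), here is the defensive counterpart of this bug: the header value is validated as a list of IP addresses before anything is rendered, and values carrying Smarty delimiters are flagged for logging. Function names, the header samples and the log lines are constructed for illustration.

```python
import ipaddress
import re

# Smarty delimiters ({ ... }, {$var}, {{ ... }} on this challenge) and the
# {php} block tag; a real client IP never contains any of these.
TEMPLATE_TOKENS = re.compile(r"\{\{|\}\}|\{\$|\{php\}|\{if\b|\{literal\}")


def parse_forwarded_for(header):
    """Return the list of IPs in an X-Forwarded-For value, or None if any
    comma-separated entry is not a syntactically valid IPv4/IPv6 address."""
    ips = []
    for part in header.split(","):
        part = part.strip()
        try:
            ips.append(str(ipaddress.ip_address(part)))
        except ValueError:
            return None
    return ips


def looks_like_template_injection(header):
    """Detection check: does the raw header carry template syntax?"""
    return bool(TEMPLATE_TOKENS.search(header))


def client_ip_for_display(headers, remote_addr):
    """Value that is safe to hand to the template: the first validated hop
    from X-Forwarded-For, otherwise the socket peer address. The vulnerable
    app rendered the raw header; this never lets a non-IP string through."""
    xff = headers.get("X-Forwarded-For")
    if not xff:
        return remote_addr
    ips = parse_forwarded_for(xff)
    if ips is None:
        return remote_addr
    return ips[0]


def scan_access_log(lines):
    """Return the log lines whose logged X-Forwarded-For field looks like a
    template-injection probe. Assumes the proxy logs the header as xff="...".
    """
    hits = []
    for line in lines:
        match = re.search(r'xff="([^"]*)"', line)
        if match and looks_like_template_injection(match.group(1)):
            hits.append(line)
    return hits
```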
