wrapper or protocol controllable function allow_url_include vulnerability type remark file:// - Off LFI / File Manipulation glob:// - Off Directory Traversal php://filter/read include Off File ...
This article summarizes unsafe functions and exploits in Python command/code execution. os Unsafe functions os.system os.popen os.popen2 os.popen3 os.popen4 Exploit >>> import os >>> ...
Mirai's author has provided an installation guide: https://github.com/jgamblin/Mirai-Source-Code/blob/master/ForumPost.md Detailed installation commands are provided here. Install requirements ...
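Template Injection Two earlier, widely read articles described the cause of Flask SSTI and how it is exploited: exploring-ssti-in-flask-jinja2 exploring-ssti-in-flask-jinja2-part-ii The articles already describe the exploitation technique; in fact, __class__.__base__.subclasses__ can be used to execute commands directly. {% for c in ...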