V&N2020-公开赛CHECKIN
====
直接代码审计
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
from flask import Flask, request
import os
app = Flask(__name__)
flag_file = open("flag.txt", "r")
# flag = flag_file.read()
# flag_file.close()
# @app.route('/flag')
# def flag():
# return flag
# ## want flag? naive!
# # You will never find the thing you want:)
@app.route('/shell')
def shell():
os.system("rm -f flag.txt")
exec_cmd = request.args.get('c')
os.system(exec_cmd)
return "1"
@app.route('/')
def source():
return open("app.py", "r").read()
if __name__ == "__main__":
app.run(host='0.0.0.0')
walk through
- 任意代码执行?
- 但是flag.txt被删除了
- 我拿到shell 是不是能hui复原flag.txt呢?
由于buuoj不能读取外网
拿到一个linux lab
获取到不到交互式shell
本文由作者按照 CC BY 4.0 进行授权