๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

simple-ssti1

[Dreamhack] Level1: simple-ssti ๐Ÿ›Ž๏ธ Access ์กด์žฌํ•˜์ง€ ์•Š๋Š” ํŽ˜์ด์ง€ ๋ฐฉ๋ฌธ์‹œ 404 ์—๋Ÿฌ๋ฅผ ์ถœ๋ ฅํ•˜๋Š” ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค.SSTI ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ํ”Œ๋ž˜๊ทธ๋Š” flag.txt, FLAG ๋ณ€์ˆ˜์— ์žˆ์Šต๋‹ˆ๋‹ค.   ๐Ÿ‘พ Exploit Algorithm & Payload> app.py๋”๋ณด๊ธฐ#!/usr/bin/python3from flask import Flask, request, render_template, render_template_string, make_response, redirect, url_forimport socketapp = Flask(__name__)try: FLAG = open('./flag.txt', 'r').read()except: FLAG = '[**FLAG**]'app.secret_key = F.. 2024. 3. 24.
๋ฐ˜์‘ํ˜•

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”