fastjson底层分析
fastjson底层分析测试代码package demo2; 联想截图_20240329002549.png public class Person { private String name; pr...
fastjson底层分析测试代码package demo2; 联想截图_20240329002549.png public class Person { private String name; pr...
代码审计import base64 import pickle from flask import Flask, request app = Flask(__name__) @app.route('/') ...
用过就是熟悉 tp长链子反序列化搭建完环境直接一堆php文件,难绷,首先出口类必不可少,找什么地方发生了反序列化全局搜索在index.class.php中我们看到if($data['name']==='guest')...
全世界最简单的CTF这次比赛没有做出来,看了wp,感觉差一点东西,也学到了一些绕过waf的方法这次主要是没有回显这个问题首先读取到源码const express = require('express'); const...
class father: secret = "hello" class son_a(father): pass class son_b(father): pass def...