February 26, 2024

Pickle RCE 注意事项

python命令执行的环境变量

内部命令与外部命令的区别

命令执行方式: 当你通过 os.popensubprocess.run 调用命令时,系统会依赖于当前环境来查找命令的位置:

C:\Windows\System32\calc.exe

C:\Windows\System32\whoami.exe

flask

不允许动态添加路由,只能用app.view_functions[‘’]来修改路由

详情见payload.py

About this Post

This post is written by void2eye, licensed under CC BY-NC 4.0.

#Web