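Using getClass() and getMethods() to access filtered methods. The goal was to get ${Class.forName('java.lang.Runtime').getRuntime().invoke(null).exec(<RCE>).getInputStream().read()}. Because reflection can reach methods that a filter blocks by name, a method-name blocklist is not a sufficient control; user input should not reach the expression evaluator at all.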
import requests
def get_int(i):
""" | |
Implementation of RSA cryptography | |
using samples of large numbers | |
""" | |
import random | |
import sys | |
import math | |
from random import randrange |
class ListNode:
    """Node with a name field and a pointer field; both start as ``None``."""

    def __init__(self):
        self._Name = self._Pointer = None

    def SetName(self, Name):
        """Store *Name* on the node."""
        self._Name = Name

    def SetPointer(self, Pointer):
        """Store *Pointer* on the node."""
        self._Pointer = Pointer
class ListNode:
    """Node that stores a data value and a reference to the next node."""

    def __init__(self, DataValue):
        # A freshly created node has no successor yet.
        self._NextNode = None
        self._DataValue = DataValue

    def set_DataValue(self, DataValue):
        """Replace the stored data value with *DataValue*."""
        self._DataValue = DataValue

    def set_NextNode(self, NextNode):
        """Point this node at *NextNode*."""
        self._NextNode = NextNode
# BST (OOP Array/FreeSlot Linked List Implementation) -----------# | |
class Node:
    """Record holding a data item and three pointer fields (own, left, right)."""

    def __init__(self, data, ptr, leftPtr, rightPtr):
        self._data, self._ptr = data, ptr
        self._leftPtr, self._rightPtr = leftPtr, rightPtr
# Compact BST (Array Implementation) -----------# | |
# rightPtr = Ptr * 2 + 2, leftPtr = Ptr * 2 + 1 # | |
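BST = [None for _ in range(21)]


def insert(BST, data):
    """Place *data* in the root slot of the array-backed tree if it is empty.

    Args:
        BST: list used as tree storage; index 0 is the root and an unused
            slot holds ``None``.
        data: value to store.

    Only the empty-root case is visible in this excerpt; what the function
    does for a non-empty tree is not shown here.
    """
    # Compare against None rather than truthiness so that a falsy root
    # value (0, "", False) is not mistaken for an empty slot and overwritten.
    if BST[0] is None:
        BST[0] = data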
[Description]
AsmBB v2.9.1 was discovered to contain multiple cross-site scripting
(XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.
------------------------------------------
[Additional Information]
This vulnerability was discovered through the hxp CTF.
Several teams used different variations of the vulnerability, but the root cause and impact are similar.