根据指引拿到源码,之前访问网页拿到的源码是无缩进的,我还以为是出题人故意这样,后来才知道view-source一下能看到有缩进的源代码。
#!/usr/bin/python3.6
import os
import pickle
from base64 import b64decode
from flask import Flask, request, render_template, session
app = Flask(__name__)
app.config["SECRET_KEY"] = "*******"
User = type('User', (object,), {
'uname': 'test',
'is_admin': 0,
'__repr__': lambda o: o.uname,
})
@app.route('/', methods=('GET',))
def index_handler():
if not session.get('u'):
u = pickle.dumps(User())
session['u'] = u
return "/file?file=index.js"
@app.route('/file', methods=('GET',))
def file_handler():
path = request.args.get('file')
path = os.path.join('static', path)
if not os.path.exists(path) or os.path.isdir(path) \
or '.py' in path or '.sh' in path or '..' in path or "flag" in path:
return 'disallowed'
with open(path, 'r') as fp:
content = fp.read()
return content
@app.route('/admin', methods=('GET',))
def admin_handler():
try:
u = session.get('u')
if isinstance(u, dict):
u = b64decode(u.get('b'))
u = pickle.loads(u)
except Exception:
return 'uhh?'
if u.is_admin == 1:
return 'welcome, admin'
else:
return 'who are you?'
if __name__ == '__main__':
app.run('0.0.0.0', port=80, debug=False)
首先来看一个东西:https://baijiahao.baidu.com/s?id=1646831894632441854&wfr=spider&for=pc
这里说明了python中所有的类都是type类的一个对象,所以定义类时可以普通定义,也可以使用type类定义,源代码中就是使用type类定义了一个User类,该类中有三个属性
User = type('User', (object,), {
'uname': 'test',
'is_admin': 0,
'__repr__': lambda o: o.uname,
})
标签:__,return,easyflask,admin,app,2021,path,HFCTF,User From: https://www.cnblogs.com/hackerone/p/17528129.html