Type Name Latest commit message Commit time
bottle first commit Nov 12, 2018
media/15420333517622 update Nov 12, 2018
Dockerfile first commit Nov 12, 2018 Update Jan 8, 2019
bottle.sql first commit Nov 12, 2018


hint1 */3 */10 hint2 firefox

payload: <script>alert`1`</script>

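A CRLF header injection. The guess is that Firefox does not follow a redirect when the port is below 80; this behaviour is used to make it load the JS and achieve XSS.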


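hint1: */3 and */10 are the two times at which the server restarts. Each time bottle restarts, the order of the response headers may change randomly; this variation was controlled by hand. */3 is the restart time of the service in which the CSP header comes first and Location comes after it. */10 is the restart time of the service in which the CSP header comes after Location. The payload has to be uploaded within the specified time to get the flag.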
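
Why the header order in hint1 matters, as an added example (not code from this repository): a blank line injected through a CRLF in the Location value ends the header block, so a CSP header serialized after Location falls into the body, while one serialized before it is still parsed as a header. The serializer, parser, `example.test` URLs and CSP value are constructed for illustration, and `safe_header_value` is a hypothetical hardened check.

```python
# Added illustration: a deliberately naive serializer, not bottle's real code.
CSP = ("Content-Security-Policy", "default-src 'self'")  # constructed policy value


def serialize(headers):
    """Join headers into a raw HTTP/1.1 response head without any validation."""
    lines = ["HTTP/1.1 302 Found"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_head(raw):
    """Parse as a client would: the header block ends at the first blank line."""
    head, _, body = raw.partition("\r\n\r\n")
    parsed = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        parsed[name.strip().lower()] = value.strip()
    return parsed, body


def csp_survives(target, location_first):
    """Return True if the client still sees the CSP header for this redirect target."""
    loc = ("Location", target)
    headers = [loc, CSP] if location_first else [CSP, loc]
    parsed, _ = parse_head(serialize(headers))
    return "content-security-policy" in parsed


def safe_header_value(value):
    """Hardened form: refuse CR, LF and NUL instead of writing them to the wire."""
    if any(ch in value for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return value


# Constructed inputs: a normal target and one carrying CRLF CRLF.
BENIGN = "http://example.test/next"
INJECTED = "http://example.test/\r\n\r\nINJECTED-BODY"

if __name__ == "__main__":
    for location_first in (True, False):
        label = "Location first" if location_first else "CSP first"
        print(label, csp_survives(BENIGN, location_first),
              csp_survives(INJECTED, location_first))
```

Passing every user-influenced header value through a check like `safe_header_value` removes the dependence on header order altogether.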
