Daffodil

Web-2023CISCN东北赛区线下赛-web4-writeup

非常简单的命令执行：用户提交的 ip 参数被直接拼接进 os.popen 执行的 shell 命令。
非常简单的过滤绕过：唯一的防护是 waf() 中的黑名单正则匹配。
题目源码

from flask import Flask, render_template, request
import os
import re

# Application object; the @app.route decorators in this file register their
# handlers on it.
app = Flask(__name__)


@app.route("/", methods=["GET"])
def index():
    """Serve GET / by rendering the index.html template with no message."""
    return render_template("index.html")


@app.route("/post", methods=["POST"])
def post():
    """Handle POST /post: ping the submitted ``ip`` and show the output.

    Reads the ``ip`` form field, rejects an empty value and anything that
    ``waf`` flags, then renders index.html with whatever the command printed.

    NOTE(review): this handler is the challenge's command-injection sink.
    The form value reaches a shell command line by string concatenation and
    the only gate in front of it is a substring denylist.
    """
    # Always true here: the route only accepts POST.
    if request.method == "POST":
        ip = request.form.get("ip")
        # Writes the raw, still-unvalidated form value to stdout.
        print(ip)
        if not ip:
            mes = "Your ip cannot be empty"
            return render_template("index.html", message=mes)
        # Denylist check only; nothing verifies that `ip` is actually an
        # IP address or hostname.
        invalid = waf(ip)
        if invalid:
            mes = "Waf!"
            return render_template("index.html", message=mes)
        # os.popen hands the whole string to the shell, so `ip` is parsed as
        # shell syntax rather than as one argument to ping.
        # Hardening: validate with ipaddress.ip_address(ip) and run
        # subprocess.run(["ping", "-c", "5", "-w", "15", ip]) without a shell.
        res = os.popen("ping -c 5 -w 15 " + ip)
        #print(res)
        # NOTE(review): os.popen returns a pipe object, not an exit status, so
        # this test does not detect a failed ping; the else branch looks
        # unreachable - confirm. The pipe is also never closed.
        if res:
            # Full command output is returned to the client.
            mes = res.read()
            return render_template("index.html", message=mes)
        else:
            mes = "Failed!"
            return render_template("index.html", message=mes)


def waf(ip: str) -> bool:
    """Return True if any blacklist pattern matches ``ip``, else False.

    Every blacklist entry is used as a regular expression and searched for
    case-insensitively anywhere in the input.

    NOTE(review): a substring denylist cannot enumerate every shell
    construct or command spelling, so it is not a reliable control in front
    of a shell. An allowlist (accept only a parsed IP address) is the
    dependable check.
    """
    # Entries are regex patterns, not plain substrings. The backslash-escaped
    # ones are written in non-raw strings; Python keeps the unknown escapes
    # literally (newer versions warn about them), so raw strings would be the
    # cleaner spelling. The last entry is the regex for one literal backslash.
    # NOTE(review): "prinf" looks like a misspelling - confirm the intended
    # word; a typo in a denylist fails silently.
    blacklist = [";", "cat", ">", "<", "cd", " ", "tac", "sh", "\+", "echo", "flag"
    ,"prinf","\?","\*","\\\\"]
    # "?","*"
    for black in blacklist:
        # re.I makes the match case-insensitive; re.M has no effect because
        # no pattern uses ^ or $.
        match = re.search(black, ip, re.M | re.I)
        #print(match)
        if match:
            return True
    return False


# Start Flask's built-in server when the file is run directly.
# NOTE(review): "0.0.0.0" listens on every interface and port 80 normally
# requires elevated privileges. That is acceptable inside an isolated CTF
# container; a real deployment would use a production WSGI server running
# as an unprivileged user.
if __name__ == "__main__":
    app.run("0.0.0.0", port=80)

绕过方法
以下图片截取自我当时线下比赛的录像。