Created
July 9, 2019 03:26
-
-
Save rhamaa/0c775badacc632c97b9c324789df2a23 to your computer and use it in GitHub Desktop.
SSTI Search
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # search.py | |
| # Source https://ctftime.org/writeup/10851 | |
| def search(obj, max_depth): | |
| visited_clss = [] | |
| visited_objs = [] | |
| def visit(obj, path='obj', depth=0): | |
| yield path, obj | |
| if depth == max_depth: | |
| return | |
| elif isinstance(obj, (int, float, bool, str, bytes)): | |
| return | |
| elif isinstance(obj, type): | |
| if obj in visited_clss: | |
| return | |
| visited_clss.append(obj) | |
| print(obj) | |
| else: | |
| if obj in visited_objs: | |
| return | |
| visited_objs.append(obj) | |
| # attributes | |
| for name in dir(obj): | |
| if name.startswith('__') and name.endswith('__'): | |
| if name not in ('__globals__', '__class__', '__self__', | |
| '__weakref__', '__objclass__', '__module__'): | |
| continue | |
| attr = getattr(obj, name) | |
| yield from visit(attr, '{}.{}'.format(path, name), depth + 1) | |
| # dict values | |
| if hasattr(obj, 'items') and callable(obj.items): | |
| try: | |
| for k, v in obj.items(): | |
| yield from visit(v, '{}[{}]'.format(path, repr(k)), depth) | |
| except: | |
| pass | |
| # items | |
| elif isinstance(obj, (set, list, tuple, frozenset)): | |
| for i, v in enumerate(obj): | |
| yield from visit(v, '{}[{}]'.format(path, repr(i)), depth) | |
| yield from visit(obj) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment