We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
请简单描述一下需要改进/新增功能: 目前flag 写入实现的代码: vulfocus-api/tasks/tasks.py
container_flag = "flag-{bmh%s}" % (uuid.uuid4(),) ··· command = 'touch /tmp/%s' % (container_flag,) execute_result = docker_container_run(docker_container, command)
是通过touch 在/tmp下创建一个文件,文件名为flag-{xxx},在一些任意文件读取漏洞靶场,如 “elasticsearch 目录遍历 (CVE-2015-5531)”, 不能正常读取flag。 描述你想要的解决方案: 可以考虑将command 命令修改为:
f'bash -c "echo {container_flag} > /tmp/flag && touch /tmp/{container_flag}"'
在/tmp 下同时再创建一个flag文件,向其中写入key,使得这些靶场能正确读取flag, 补充内容: 预计修改vulfocus-api/tasks/tasks.py两处位置即可实现: 修改后可以正常读取flag
The text was updated successfully, but these errors were encountered:
No branches or pull requests
请简单描述一下需要改进/新增功能:
目前flag 写入实现的代码:
vulfocus-api/tasks/tasks.py
是通过touch 在/tmp下创建一个文件,文件名为flag-{xxx},在一些任意文件读取漏洞靶场,如 “elasticsearch 目录遍历 (CVE-2015-5531)”, 不能正常读取flag。
描述你想要的解决方案:
可以考虑将command 命令修改为:
f'bash -c "echo {container_flag} > /tmp/flag && touch /tmp/{container_flag}"'在/tmp 下同时再创建一个flag文件,向其中写入key,使得这些靶场能正确读取flag,
补充内容:
预计修改vulfocus-api/tasks/tasks.py两处位置即可实现:
修改后可以正常读取flag
The text was updated successfully, but these errors were encountered: