1.8 KiB
1.8 KiB
Magic Methods
Class Methods
You can access the **methods **of a **class **using __dict__.
You can access the functions
Object class
Attributes
You can access the attributes of an object using** __dict__**. Example:
Class
You can access the **class **of an object using __class__
You can access the **methods **of the **class **of an **object chainning **magic functions:
Server Side Template Injection
Interesting functions to exploit this vulnerability
__init__.__globals__
__class__.__init__.__globals__
Inside the response search for the application (probably at the end?)
Then access the environment content of the application where you will hopefully find **some passwords **of interesting information:
__init__.__globals__[<name>].config
__init__.__globals__[<name>].__dict__
__init__.__globals__[<name>].__dict__.config
__class__.__init__.__globals__[<name>].config
__class__.__init__.__globals__[<name>].__dict__
__class__.__init__.__globals__[<name>].__dict__.config