{"html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fblog.hamayanhamayan.com%2Fentry%2F2021%2F04%2F08%2F200608\" title=\"Jar [\u00e5ngstromCTF 2021] - \u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","height":"190","published":"2021-04-08 20:06:08","categories":["Security"],"url":"https://blog.hamayanhamayan.com/entry/2021/04/08/200608","description":"\u8abf\u67fb \u3088\u304f\u308f\u304b\u3089\u306a\u3044\u30d4\u30af\u30eb\u30b9\u3068\u5171\u306b\u6587\u5b57\u3092\u767b\u9332\u3067\u304d\u308b\u30b5\u30a4\u30c8\u304c\u4e0e\u3048\u3089\u308c\u308b\u3002 python\u3067pickle\u3068\u3044\u3048\u3070\u3001\u3084\u308b\u3053\u3068\u306fUnsafe Deserialization\u3060\u308d\u3046\u3002 Proxy\u5c65\u6b74\u3092\u898b\u308b\u3068\u3001contents\u30af\u30c3\u30ad\u30fc\u306b\u306a\u3093\u304b\u5165\u3063\u3066\u3044\u308b\u3002 Set-Cookie: contents=gASVDQAAAAAAAABdlCiMAXiUjAF5lGUu; Path=/ \u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u8aad\u307f \u914d\u5217\u304cpickle\u3067\u30b7\u30ea\u30a2\u30e9\u30a4\u30ba\u3055\u308c\u3066\u3044\u308b\u3002 \u666e\u901a\u306b\u51fa\u529b\u3057\u3066\u8868\u793a\u3057\u3066\u3044\u308b\u306e\u3067Unsafe Desearialization\u9054\u6210\u3067\u304d\u305d\u3046\u3060\u3002 Unsafe Deserialization import pickle i\u2026","provider_name":"Hatena Blog","provider_url":"https://hatena.blog","blog_url":"https://blog.hamayanhamayan.com/","type":"rich","author_name":"hamayanhamayan","version":"1.0","image_url":null,"title":"Jar [\u00e5ngstromCTF 2021]","blog_title":"\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093","author_url":"https://blog.hatena.ne.jp/hamayanhamayan/","width":"100%"}