Based on JSESSIONID , we know this is a Java application. ... We have to somehow inject <script src="/flag"> with valid nonce.
確定! 回上一頁