This article is based on SONIC202012. Starting from environment setup, it walks through reproducing a BGP protocol DoS attack and uses the gdb debugger to analyze the vulnerability in terms of both the code and the underlying principles.
In the process of getting a shell in Python, we can hijack a member function of a class and turn it into `eval()`. At first glance, everything seems fine. But upon closer examination, when calling a member function of a class, isn't `self` passed as an argument, like `func(clazz.self, parameter)`? Then why isn't `self` being passed as the first argument to `eval()`, and why isn't there an error?
As we know, in PHP, `require_once` checks whether a file has already been included before including it again. Can we bypass this mechanism?