Date: 1/12/2026
Category: CTF
Tag: CTF, Web, CISCN
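This challenge is from the national competition. I got it from Pid, and it is the first time I have done static analysis on source code.
First, we start an environment locally. In the output we can see three endpoints: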
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] GET / --> main.main.func1 (3 handlers)
[GIN-debug] GET /getCurrentRBAC --> main.main.func2 (3 handlers)
[GIN-debug] POST /execSysFunc --> main.main.func3 (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :80