-
Notifications
You must be signed in to change notification settings - Fork 67
Expand file tree
/
Copy pathviews.py
More file actions
234 lines (200 loc) · 7.93 KB
/
Copy pathviews.py
File metadata and controls
234 lines (200 loc) · 7.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
import html
from django.http import Http404
from django.shortcuts import render, HttpResponse, HttpResponseRedirect, redirect
import sqlite3
from django.contrib.auth.models import User
from django.views.generic import View
from code_audit.models import File
from code_audit.form import AddUserForm
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.utils.http import is_safe_url
import urllib.request
from django.conf import settings
import os,io,sys, ping3
# Create your views here.
def XSS(request):
if request.GET.get('name'):
name = request.GET.get('name')
return HttpResponse("<p>name: %s</p>" %name)
# return HttpResponse("<a href='%s'>aaaa</a>" %name)
# 使用模板显示
# return render(request, 'index.html', locals())
else:
return HttpResponse("<p>请输入name</p>")
#
# def SQLi(request):
# if request.GET.get('id'):
# id = request.GET.get('id')
# con = sqlite3.connect('db.sqlite3')
# c = con.cursor()
# username = c.execute('SELECT username FROM auth_user WHERE id = %s;' %str(id)).fetchall()
# email = c.execute('SELECT email FROM auth_user WHERE id ='+str(id)+';').fetchall()
#
# # 可以使用如下的参数位设置预编译语句
# # email = c.execute('SELECT email FROM auth_user WHERE id = ?',[id]).fetchone()[0]
# # username = c.execute('SELECT username FROM auth_user WHERE id = ?;', [id]).fetchone()[0]
#
# return HttpResponse("<p>用户为:%s</p>\n<p>邮箱为:%s</p>" %(username,email))
# else:
# return HttpResponse('<p>请输入用户id</p>')
# 或者使用django自带的api来操作数据库
def SQLi(request):
if request.GET.get('id'):
id = request.GET.get('id')
user = User.objects.get(id=str(id))
username = user.username
email = user.email
return HttpResponse("<p>用户为:%s</p>\n<p>邮箱为:%s</p>" %(username,email))
else:
return HttpResponse('<p>请输入用户id</p>')
@csrf_exempt
def CSRF(request):
if request.method == "POST":
form = AddUserForm(request.POST)
if form.is_valid():
name = form.cleaned_data['name']
email = form.cleaned_data['email']
u = User(username=name, email=email)
u.save()
return HttpResponse('Success')
else:
return HttpResponse('Fail')
else:
form = AddUserForm()
user = User.objects.all()
return render(request, 'form.html', {'user':user,'form': form})
set_url = settings.SAFE_URL
def SSRF(request):
if request.GET.get('url'):
url = request.GET.get('url')
if is_safe_url(url, set_url):
text = urllib.request.urlopen(url)
body = text.read().decode('utf-8')
return render(request, 'ssrf.html', {'file' : body})
else:
return HttpResponse('不合法地址')
else:
return HttpResponse('请输入url')
def COMMAND(request):
if request.GET.get('ip'):
ip = request.GET.get('ip')
flag = os.system('ping -n 1 %s' %ip)
return HttpResponse('<p>%s</p>' %(flag)) #127.0.0.1&&whoami
else:
return HttpResponse('<p>请输入IP地址</p>')
# import subprocess, shlex, chardet
#
# def COMMAND(request):
# if request.GET.get('ip'):
# ip = request.GET.get('ip')
# cmd = 'ping -n 4 %s' %shlex.quote(ip)
# flag = subprocess.run(cmd, shell=False, stdout=subprocess.PIPE)
# stdout = flag.stdout
# return HttpResponse('<p>%s</p>' %str(stdout, encoding=chardet.detect(stdout)['encoding'])) #127.0.0.1&&whoami
# else:
# return HttpResponse('<p>请输入IP地址</p>')
# def READFILE(request):
# if request.GET.get('file'):
# file = request.GET.get('file')
# file = open(file)
# return HttpResponse(file)
# else:
# return HttpResponse('<p>请输入file地址</p>')
def READFILE(request):
file = request.GET.get('path')
path = os.path.join('/var/www/images/', file) #images为限制的读取目录
if os.path.abspath(path).startswith('/var/www/images/') is False:
raise Http404
else:
with open(path, "rb") as f:
content = f.read()
return HttpResponse(content)
def UPLOADFILE(request):
if request.method == 'GET':
return render(request, 'upload.html', {'file':'选择文件'})
elif request.method == 'POST':
dir = os.path.join(os.path.dirname(__file__), '../static/upload')
file = request.FILES.get('filename')
name = os.path.join(dir, file.name)
print(file, name)
with open(name, 'wb') as f:
f.write(file.read())
return render(request, 'upload.html', {'file':'上传成功'})
import uuid, time
# ALLOWED_EXTENSIONS = settings.ALLOWED_EXTENSIONS
# MAX_SIZE = settings.MAX_FILE_SIZE
# UPLOAD_FOLDER = settings.UPLOAD_FOLDER
#
# def allowed_file(filename):
# if '.' in filename and filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS:
# filext = filename.rsplit('.', 1)[1]
# return str(uuid.uuid5(uuid.NAMESPACE_DNS, str(time.time())))+"."+filext
# else:
# return None
#
# def UPLOADFILE(request):
# if request.method=='GET':
# return render(request,'upload.html')
# else:
# img=request.FILES.get('filename')
# if img.size < MAX_SIZE and allowed_file(img.name):
# name = UPLOAD_FOLDER+allowed_file(img.name)
# f=open(name,'wb')
# for line in img.chunks():
# f.write(line)
# f.close()
# return render(request, 'upload.html', {'file':'上传成功'})
# else:
# return render(request, 'upload.html', {'file':"不允许的类型或者大小超限"})
# class IndexView(View):
# def filename(self, file):
# if '.' in file and file.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS:
# filext = file.rsplit('.', 1)[1]
# return str(uuid.uuid5(uuid.NAMESPACE_DNS, file))+"."+filext
# else:
# return None
# def get(self,request):
# return render(request,'upload.html')
# def post(self,request):
# myfile = request.FILES.get('filename')
# try:
# if myfile.size <= MAX_SIZE and self.filename(myfile.name):
# myfile.name = self.filename(myfile.name)
# File.objects.create(filename=myfile.name, filext=myfile).save()
# return render(request, 'upload.html', {'file':'上传成功'})
# else:
# return render(request, 'upload.html', {'file':'不允许的类型或大小超限'})
# except Exception as e:
# return render(request,'upload.html', {'file':"不允许的类型或大小超限"})
def SSTI(request):
if request.GET.get('name'):
name = request.GET.get('name')
template = "<p>user:{user}, name:%s<p1>" %name
return HttpResponse(template.format(user=request.user))
else:
return HttpResponse('<p>输入name值</p>')
import logging,logging.config
def INFOR(request):
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger(__name__)
infor = {'age': 12, 'name': 'join'}
try:
open('exist', 'r')
except (SystemExit, KeyboardInterrupt):
raise
except Exception as e:
logger.error('Failed to open file', exc_info=True)
return HttpResponse(logger.debug(infor))
import urllib.parse
def BYPASS(request):
if request.GET.get('url'):
url = request.GET.get('url') #https:3026530571
if urllib.parse.urlparse(url).netloc and urllib.parse.urlparse(url).netloc in set_url:
return HttpResponseRedirect(url)
elif urllib.parse.urlparse(url).netloc == '':
path = urllib.parse.urlparse(url).path
return HttpResponseRedirect(path)
else:
return HttpResponse('不允许域名')
else:
return HttpResponse('请输入url')