

Xifeng2009 Xifeng2009

View Ajax
# In app/
import random
from django.http import JsonResponse
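def ajax_1(request):
    """Return a JSON response carrying one random integer.

    Args:
        request: The incoming Django request; it is not read.

    Returns:
        A JsonResponse whose body is ``{"data": n}`` with ``n`` drawn
        from 1..999 inclusive.
    """
    # random is a non-cryptographic PRNG: fine for demo data, but a value used
    # as a token or identifier should come from the secrets module instead.
    context = {"data": random.randint(1, 999)}
    return JsonResponse(context)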
# In templates
<input id="a1" value="AAA">
<button id="b1" class="button">Click!</button>
View Base4 of MTV: POST
# In app/
from django import forms
from .models import Topic
class TopicForm(forms.ModelForm):
class Meta:
model = Topic
fields = ['title', 'text']
labels = {
'title': 'Title: ',
'text': 'Text: ',
View Base3 of MTV: Foreign Key
# In
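class Comment(models.Model):
    """A short text comment linked to one Topic through a foreign key."""

    # on_delete is spelled out: CASCADE was the implicit default before
    # Django 2.0, and the argument is required from 2.0 onwards.
    topic = models.ForeignKey(Topic, on_delete=models.CASCADE)
    # null=True together with blank=True means a stored comment may be None.
    comment = models.CharField(max_length=200, null=True, blank=True, verbose_name='评论')
    date_added = models.DateTimeField(auto_now_add=True, verbose_name='创建时间')

    class Meta:
        verbose_name_plural = 'comments'

    def __str__(self):
        """Return the first ten characters of the comment ('' when it is unset)."""
        # The column is nullable, so guard against slicing None, which would
        # raise TypeError wherever the object is rendered (admin, shell, logs).
        return (self.comment or '')[:10]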
View Base2 of MTV: ORM
# In
# Fragment of a Django DATABASES setting: the 'default' connection (the excerpt is truncated).
'default': {
'ENGINE': 'django.db.backends.mysql',
# NOTE(review): 'mysql' is the MySQL server's own system schema (accounts and
# grants live there); application tables belong in a dedicated database.
'NAME': 'mysql',
# NOTE(review): root holds every privilege on the server, so an SQL injection or
# credential leak in the app exposes all databases. Prefer an account granted
# only what the app needs on its own schema.
'USER': 'root',
# Django treats an empty HOST as localhost.
'HOST': '',
'PORT': '3306',
# NOTE(review): no PASSWORD key is visible in this excerpt; if one follows, load
# it from the environment or a secrets store rather than committing it here.
View Base of MTV
# In project/
from django.conf.urls import url, include
urlpatterns = [
url(r'', include('main.urls', namespace='main')),
# In app/
from django.conf.urls import url
from . import views
View XSS: Payload
<script>alert("hellox worldss");</script>
View SQLMAP: 目标&请求
#1 Inject via a target URL: -u
sqlmap -u "" -f --banner --dbs --users
# Output verbosity level
# NOTE(review): sqlmap's help lists verbosity levels 0-6, not 1-7 - confirm against `sqlmap -hh`.
-v [1-7]
#2 Connect directly to the database: -d
# NOTE(review): credentials embedded in the connection string end up in shell history and the process list.
sqlmap -d "mysql://admin:admin@" -f --banner --dbs --users
View SQL Injection: MySQL
#1 Test for blind injection
# A different response for the false (1=2) and the true (1=1) condition means the
# input is interpolated into the query text; bound parameters prevent this.
1 and 1=2
1 and 1=1
#2 Integer (numeric) injection
1 or 1=1 #
#3 String (quoted) injection
1' or 1=1 #
View BeautifulSoup
# Documentation
import requests
from bs4 import BeautifulSoup
# Target page URL (left empty in this snippet).
all_url = ''
# NOTE(review): `headers` is not defined in the visible excerpt, and no timeout is
# passed, so requests.get() can block indefinitely on an unresponsive server.
start_html = requests.get(all_url, headers=headers)
Soup = BeautifulSoup(start_html.text, "lxml") # parsers: html.parser, lxml-xml, xml, html5lib
# Get the links of the <a> tags
View Socket: Server
import socket
import threading
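class Connection:
    """Hold the three values given for one connection: cid, conn and addr."""

    def __init__(self, cid, conn, addr):
        """Store the identifier, connection object and address unchanged.

        Args:
            cid: Identifier for this connection.
            conn: Connection object - presumably the socket returned by
                ``socket.accept()``; confirm against the caller.
            addr: Address value - presumably the peer address from the same
                ``accept()`` call; confirm against the caller.
        """
        self.cid = cid
        self.conn = conn
        self.addr = addr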