Home Sign Up Sign In
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member  Sign In
Advertisement
Evi1m0

Jinja2 2.0 /utils.py urlize vulnerability

  •   
  •   Evi1m0 · Oct 31, 2014 · 4328 views
    This topic created in 4203 days ago, the information mentioned may be changed or developed.
    关于v2ex的这几个跨站漏洞,问题出现在Jinja2的模版引擎,其中/utils.py urlize处理不当导致漏洞产生,新版本不存在此漏洞。

    http://weibo.com/3274966043/Bu6ZnAWo1
    http://www.hackersoul.com/post/jinja2_2_0_urlize_vulnerability.html
  • utils.py
  • urlize
  • Jinja2
    4 replies    2015-12-11 13:49:45 +08:00
    Evi1m0
        1
    Evi1m0  
    OP
       Oct 31, 2014
    @Livid here :)
    fucker
        2
    fucker  
       Oct 31, 2014
    mark
    Livid
        3
    Livid  
    MOD
    PRO
       Nov 1, 2014
    :)

    赞!
    Evi1m0
        4
    Evi1m0  
    OP
       Dec 11, 2015
    <img src="test">
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   1337 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 39ms · UTC 16:38 · PVG 00:38 · LAX 09:38 · JFK 12:38
    ♥ Do have faith in what you're doing.