Web Application Exploits and Defenses (google-gruyere.appspot.com). It is said to include all Web 2.0 vulnerabilities.



You’ll use both black-box hacking and white-box hacking.

White-box audit notes (source code)


Gruyere is small and compact. Here is a quick rundown of the application code:

  • gruyere.py is the main Gruyere web
  • serverdata.py stores the default data in the database. There is an administrator account and two default users.
  • gtl.py is the Gruyere template language
  • sanitize.py is the Gruyere module used for sanitizing HTML to protect the application from security holes.
  • resources/… holds all template files, images, CSS, etc.

Resetting the sandbox state (Reset Button):

When the sandbox environment becomes unusable… As noted above, each instance is sandboxed so it can’t consume infinite resources and it can’t interfere with anyone else’s instance. Notwithstanding that, it is possible to put your Gruyere instance into a state where it is completely unusable. If that happens, you can push a magic "reset button" to wipe out all the data in your instance and start from scratch. To do this, visit this URL with your instance id: https://google-gruyere.appspot.com/resetbutton/123



Your Gruyere instance id is

558692305032828541672765603645926815579. I registered a user named uzks: http://google-gruyere.appspot.com/558692305032828541672765603645926815579/



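Exporting Markdown from Evernote is too hard... I'll just export a PDF and share a Notion link instead. This is a record of working through the challenges. I basically did all of them. The ones that can't be done are mostly explanations of concepts. 🍡 Link: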

