Python沙箱逃逸的n种姿势
https://xianzhi.aliyun.com/forum/read/2138.html

Django debug page XSS漏洞(CVE-2017-12794)分析
https://www.leavesongs.com/PENETRATION/django-debug-page-xss.html

CVE-2017-12615/CVE-2017-12616:Tomcat信息泄漏和远程代码执行漏洞分析报告
https://xianzhi.aliyun.com/forum/read.php?tid=2135&displayMode=1&page=1&toread=1#tpc

Python PyYAML反序列化漏洞实验和Payload构造
http://www.polaris-lab.com/index.php/archives/375/