Commit 228c052

first commit
0 parents  commit 228c052

1 file changed

+50
-0
lines changed

Readme.md

Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
代码注入、命令执行
2+
3+
1.内置危险函数
4+
exec
5+
execfile
6+
eval
7+
Python eval的常见错误封装及利用原理
8+
http://xxlegend.com/2015/07/31/Python%20eval%E7%9A%84%E5%B8%B8%E8%A7%81%E9%94%99%E8%AF%AF%E5%B0%81%E8%A3%85%E5%8F%8A%E5%88%A9%E7%94%A8%E5%8E%9F%E7%90%86/
9+
Exploiting Python’s Eval
10+
http://www.floyd.ch/?p=584
11+
2.标准库危险模块
12+
os
13+
os.popen() or subprocess.Popen(), and subprocess.check_output()
14+
核心语句
15+
sys
16+
subprocess
17+
subprocess.call(user_input, shell=True) : popen, subprocess.call等函数所导致的命令执行
18+
commands
19+
3.危险第三方库
20+
Template(user_input) : 模板注入(SSTI)所产生的代码执行
21+
subprocess32
22+
4.反序列化
23+
marshal
24+
PyYAML
25+
pickle和cpickle
26+
http://www.cnblogs.com/yyds/p/6563608.html
27+
shelve
28+
PIL
29+
https://xianzhi.aliyun.com/forum/read/2163.html
30+
图片库REC
31+
https://sethsec.blogspot.jp/2016/11/exploiting-python-code-injection-in-web.html
32+
命令注入
33+
unzip
34+
https://ajinabraham.com/blog/exploiting-insecure-file-extraction-in-python-for-code-execution
35+
payload构造
36+
前提
37+
eval+compile
38+
多语句
39+
__import__
40+
__import__是一个函数,并且只接受字符串参数,import 都是在它的基础上实现的。
41+
importlib
42+
参考
43+
import相关,沙箱绕过
44+
https://xianzhi.aliyun.com/forum/read/2138.html
45+
代码注入
46+
https://www.doyler.net/security-not-included/exploiting-python-code-injection
47+
http://www.securitynewspaper.com/2016/11/12/exploiting-python-code-injection-web-applications/
48+
codereview
49+
Python Security Auditing (IV): Command Execution
50+
https://www.cdxy.me/?p=747
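
Review bot: Readme.md line 30 reads "图片库REC", which looks like a typo for RCE, and the URL under it on line 31 has "exploiting-python-code-injection-in-web" in its slug, the same topic as the links under 代码注入 on lines 45-47, so it probably belongs in that group rather than under the image-library entry. Line 13 sits under `os` but lists `subprocess.Popen()` and `subprocess.check_output()`, which belong with the `subprocess` entry on lines 16-17. In section 3 (lines 19-21), `Template(user_input)` does not say which library's `Template` is meant, and `subprocess32` carries no note on what makes it dangerous, unlike the `shell=True` remark on line 17. Since the file is named Readme.md, consider marking the four numbered sections as headings and their entries as nested list items so each reference stays attached to the item it documents; as shown, the lines carry no heading or list markers.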
