Tag: python
- July 27, 2022: Python vulnerabilities : Code execution in jinja templates
  We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
- August 26, 2021: Python context free payloads in Mako templates
  We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
- July 27, 2021: Python vulnerabilities : Code execution in jinja templates
  We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
- May 3, 2021: FCSC 2021 - Intro - Snake
  This challenge gives us access to a python interpreter and asks us to read the flag.txt. We will read the file, and for fun, open a shell afterwards.
- March 24, 2021: Python format string vulnerabilities
  Python format strings can be very useful but they can be prone to vulnerabilities when misused.