本文共 879 字,大约阅读时间需要 2 分钟。
参考:
PyCodeInjection项目包含两个主要组件:
PyCodeInjectionShell - 一种利用基于Web应用程序的Python代码注入的工具
PyCodeInjectionApp - 一种易受Python代码注入攻击的Web应用程序安装:
git clone https://github.com/sethsec/PyCodeInjection.git /opt/PythonCodeInjectioncd /opt/PythonCodeInjection/VulnApp./install_requirements.sh
使用案例:
root@playground:/opt/PyCodeInjection/VulnApp# python PyCodeInjectionApp.pyhttp://0.0.0.0:8080/192.168.81.1:12637 - - [02/Nov/2016 22:02:28] "HTTP/1.1 POST /pyinject" - 200 OK192.168.81.1:12639 - - [02/Nov/2016 22:02:37] "HTTP/1.1 POST /pyinject" - 200 OK192.168.81.1:12640 - - [02/Nov/2016 22:02:38] "HTTP/1.1 POST /pyinject" - 200 OK192.168.81.1:12641 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK192.168.81.1:12642 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK