All Questions
12 questions
2 votes · 1 answer · 78 views
Jinja2: safe from XSS/SSTI if using select_autoescape and context dictionary?
In a FlaskRestX API for an e-commerce site, I use jinja2 to generate an HTML template (to create a PDF purchase receipt). After reading the docs, and asking various AI models, I am still not convinced ...
0 votes · 1 answer · 278 views
Can malware override and execute any memory location, or does it have to be specific?
Rather primitive malware using Python 3 and similar already-available software on the victim's machine (which can also be compiled using PyInstaller/pycom if not) has the capability to override the ...
0 votes · 1 answer · 214 views
Would it be useful from a security perspective to harden an interpreter like Python or NodeJS by removing support for unused features?
When hardening a system you want to remove any features that you do not need. I have been thinking about this concept from the perspective of interpreters like Python, NodeJS, PHP etc. and am ...
8 votes · 3 answers · 7k views
Does blocking keywords prevent code injection inside this interactive Python file?
We recently had issues with people messing around inside our system. To prevent code injection within my Python code, I implemented the following if block: #! /usr/bin/python3 #-*- coding:utf-8 -*- ...
1 vote · 0 answers · 149 views
Implications of Python fmtstr injection without secrets passed to the formatter
There are two ways I can think of to format strings in Python where user input may make its way into the format string input: >>> a = input() >>> print(a % ()) >>> a = ...
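An added example for the format-string question above (illustrative code, not the asker's). It shows what each of the two formatting styles lets a user-controlled format string do when the only argument is a harmless object: `%` with an empty tuple can only raise, while `str.format` field syntax can walk from the object to its class, its methods and their module globals. `Record` and `SECRET_TOKEN` are constructed; the secret is deliberately never passed to the formatter.

```python
"""Added example for the format-string question above; it is not code from
the question.  The Record class and SECRET_TOKEN are constructed so that the
block runs on its own: the secret is deliberately NOT passed to the
formatter, only a Record instance is."""

SECRET_TOKEN = "constructed-secret-never-passed-to-format"  # module global only


class Record:
    """A plain object with nothing sensitive on it."""

    def __init__(self, name: str) -> None:
        self.name = name


def render_percent(user_fmt: str) -> str:
    """User string used as a '%' format string with an empty argument tuple.
    Nothing can be read back, but any conversion specifier raises, so the
    only effect is an unhandled exception (a crash / DoS vector)."""
    try:
        return user_fmt % ()
    except TypeError as exc:
        return f"error: {exc}"


def render_format(user_fmt: str, rec: Record) -> str:
    """User string used as a str.format() template with a Record argument.
    Field syntax allows attribute and item access, so the template can walk
    from the harmless object to its class, its methods and their globals."""
    try:
        return user_fmt.format(rec)
    except (AttributeError, IndexError, KeyError, TypeError, ValueError) as exc:
        return f"error: {exc}"


def render_safe(user_text: str, rec: Record) -> str:
    """Fix: the template is a literal we control; user input is only a VALUE,
    so braces or percent signs in it are never interpreted."""
    return "{} says hello to {}".format(user_text, rec.name)
```

The field `{0.__init__.__globals__[SECRET_TOKEN]}` reaches the module-level secret through the bound method's `__globals__`, which is why "no secrets passed to the formatter" is not a sufficient condition; the fix is to keep user input out of the template entirely.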
4 votes · 2 answers · 29k views
URL parameter manipulation and injection
I have a scenario with 2 sites. Site 1 is mysite.com and Site 2 is secondurl.com. Site 1 is using Wordpress. There, I did a Javascript/jQuery routine that checks if a given URL parameter comes in. If ...
0 votes · 1 answer · 10k views
Command injection — filtering bypass [closed]
I am testing a Python script that provides a ping function, `os.system('ping ' + command)`. All of these characters are filtered: '&', ';', '-', '`', '||', '|'. I can't use null bytes like %0A. I'm ...
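An added example for the ping question above (not the asker's script). It reproduces the character blocklist from the question as `BLOCKED`, shows that the string handed to `os.system()` is still parsed by a shell, and contrasts that with an allowlist of valid targets plus an argv-style `subprocess.run()` call, which is the fix rather than a longer blocklist. Only `run_ping()` actually executes anything.

```python
"""Added example for the ping question above (not the asker's script).
It contrasts the character blocklist described in the question with an
allowlist of valid targets plus an argv-style subprocess call.  BLOCKED
reproduces the characters listed in the question; nothing below executes
ping except run_ping()."""
import ipaddress
import re
import subprocess

# Constructed from the question: the filtered tokens.
BLOCKED = ["&", ";", "-", "`", "||", "|"]


def passes_blocklist(user_input: str) -> bool:
    """Blocklist check: accept the string if none of the tokens occur in it."""
    return not any(tok in user_input for tok in BLOCKED)


def shell_command_vulnerable(user_input: str) -> str:
    """What os.system() receives: one string that /bin/sh parses, so every
    metacharacter the blocklist forgot (newline, '$(', '>', '<' ...) still
    reaches the shell."""
    return "ping " + user_input


# RFC 1123 hostname: labels of letters, digits and hyphens, 253 chars max.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
)


def is_valid_target(user_input: str) -> bool:
    """Allowlist: the value must be an IP address or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(user_input)
        return True
    except ValueError:
        return _HOSTNAME_RE.fullmatch(user_input) is not None


def ping_argv(user_input: str) -> list:
    """Build the argument vector.  With a list and shell=False there is no
    shell to interpret anything; the allowlist is still applied so that the
    value cannot be mistaken for an option or a garbage host."""
    if not is_valid_target(user_input):
        raise ValueError(f"invalid target: {user_input!r}")
    return ["ping", "-c", "1", user_input]


def run_ping(user_input: str) -> str:
    """Execute the validated command (not exercised by the checks below)."""
    completed = subprocess.run(ping_argv(user_input), capture_output=True, text=True, timeout=10)
    return completed.stdout
```

The hostname pattern also rejects a leading hyphen, so a validated value can never be parsed by `ping` as an option; `-c 1` is assumed to be the desired flag and can be adjusted.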
2 votes · 1 answer · 2k views
Flask/Jinja2 SSTI to get RCE. <type 'file'> not in object subclasses
I'm trying to get RCE in a simple Flask web app I developed, which is vulnerable to server side template injection (SSTI). RCE is usually obtained by uploading the reverse shell script on the target, ...
4 votes · 1 answer · 2k views
Are there any known Python pickle viruses?
I have recently read a post about a vulnerability in the Python pickle module which allows arbitrary Python code to be executed on unpickling: https://intoli.com/blog/dangerous-pickles/ The docs suggest ...
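An added example for the pickle question above (illustrative code, not from the linked post). `Malicious` is constructed: its `__reduce__` makes `pickle.loads()` call a callable chosen by the data, with `os.getcwd` standing in for `os.system` so the block is harmless to run. The second half is a restricted unpickler in the shape the pickle documentation recommends, overriding `find_class()` with an allowlist.

```python
"""Added example for the pickle question above (not from the linked post or
the docs verbatim).  Malicious is constructed: its __reduce__ makes
pickle.loads() call a callable chosen by the data.  os.getcwd stands in for
os.system so the block is harmless to run; the restricted unpickler follows
the find_class() override the pickle documentation recommends."""
import builtins
import io
import os
import pickle


class Malicious:
    """Unpickling this object calls os.getcwd() instead of reconstructing it."""

    def __reduce__(self):
        # Same mechanism an attacker uses with (os.system, ("id",)).
        return (os.getcwd, ())


def make_payload() -> bytes:
    """The bytes an attacker would hand to the application."""
    return pickle.dumps(Malicious())


def unsafe_loads(data: bytes):
    """Default pickle.loads: imports and calls whatever the stream names."""
    return pickle.loads(data)


def unsafe_calls_attacker_callable() -> bool:
    """True when the payload made pickle.loads() execute os.getcwd()."""
    return unsafe_loads(make_payload()) == os.getcwd()


# Only these builtins may be referenced by a GLOBAL opcode.
SAFE_BUILTINS = frozenset({"range", "complex", "set", "frozenset", "slice"})


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals through an allowlist instead of importlib."""

    def find_class(self, module: str, name: str):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_restricted(obj):
    """Plain data still round-trips through the restricted unpickler."""
    return restricted_loads(pickle.dumps(obj))


def is_rejected(data: bytes) -> bool:
    """True when the restricted unpickler refuses the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False
```

The allowlist is the whole defence: any module/name pair not in it, including `posix.getcwd` or `os.system`, never gets imported. For untrusted input the better answer is still a data-only format such as JSON.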
2 votes · 1 answer · 767 views
How to reach a hidden Python function with HTML injection in a web app?
I was doing a web app CTF problem which has a web form which is vulnerable to HTML code injection. The goal of the problem is to reach a hidden Python function in that web app. It is a Python based ...
0 votes · 3 answers · 204 views
How does one verify that a Python script is a pure math function?
I have a Python project that dynamically loads Python scripts from a set of specified directories and executes an expected function off of them (the framework expects a function name that takes a ...
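An added example serving two questions in this list: the one about blocking keywords to prevent code injection and the one about verifying that a loaded script is a pure math function. Instead of searching the input for forbidden words, it parses the text with the `ast` module and accepts only an allowlist of node types and names, so attribute access, strings, subscripts and unknown identifiers are rejected without being enumerated. This is illustrative code, not either asker's; `ALLOWED_NAMES` is a constructed set of math symbols.

```python
"""Added example serving two questions in this list: blocking keywords to
stop code injection, and verifying that a loaded script is a pure math
function.  Instead of blocklisting words in the input, it parses the text
with the ast module and accepts only an allowlist of node types and names.
This is illustrative code, not either asker's; ALLOWED_NAMES is a constructed
set of math symbols."""
import ast
import math

# Node types a pure arithmetic expression may contain.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Call, ast.Constant, ast.Name, ast.Load,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow, ast.USub, ast.UAdd,
)

# Names the expression may reference; nothing else is visible at eval time.
ALLOWED_NAMES = {
    "pi": math.pi, "e": math.e,
    "sqrt": math.sqrt, "sin": math.sin, "cos": math.cos, "log": math.log, "abs": abs,
}

MAX_SOURCE_LEN = 200


def check_expression(src: str) -> ast.Expression:
    """Parse src and raise ValueError unless every node is on the allowlist.

    Attribute access, subscripts, strings, tuples, lambdas, comprehensions and
    keyword arguments are all rejected simply by not being listed, so
    payloads such as ().__class__ or __import__('os') never reach eval."""
    if len(src) > MAX_SOURCE_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(src, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not an expression: {exc.msg}") from None
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            raise ValueError(f"unknown name: {node.id}")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            raise ValueError("only numeric literals are allowed")
        if isinstance(node, ast.Call) and not isinstance(node.func, ast.Name):
            raise ValueError("only direct calls to allowed functions")
    return tree


def safe_eval(src: str) -> float:
    """Evaluate a checked expression with an empty __builtins__ namespace."""
    tree = check_expression(src)
    code = compile(tree, "<user-expression>", "eval")
    return eval(code, {"__builtins__": {}}, dict(ALLOWED_NAMES))


def is_rejected(src: str) -> bool:
    """True when check_expression refuses src."""
    try:
        check_expression(src)
    except ValueError:
        return True
    return False
```

The allowlist proves the expression is arithmetic over known names, which is what "pure math function" means syntactically; it does not bound resource use, so something like `9**9**9` still needs an exponent limit or a timeout around the evaluation.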
11 votes · 2 answers · 31k views
MongoDB NoSQL injection in Python code
Here is the code snippet for accessing MongoDB. client = MongoClient() db = client.test_database collection = db.test # Get data from fields condition = form.getvalue('name') if condition: ...
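An added example for the MongoDB question above; it is not the asker's snippet. It shows the two ways a filter built in Python becomes injectable (an operator object such as `{"$ne": ""}` arriving where a string was expected, and string concatenation into `$where`) beside a type-checked filter that closes both. `DOCS`, the request bodies and the tiny in-memory matcher are constructed so the block runs without a server; with pymongo the same filter dicts would be passed to `collection.find()`.

```python
"""Added example for the MongoDB question above; it is not the asker's
snippet.  It shows the two ways a filter built in Python becomes injectable
and the checks that close them.  DOCS, the request bodies and the tiny
in-memory matcher are constructed so the block runs without a server; with
pymongo the same filter dicts would be passed to collection.find()."""
import json
import re

# Constructed stand-in for db.test
DOCS = [
    {"name": "alice", "role": "admin"},
    {"name": "bob", "role": "user"},
    {"name": "carol", "role": "user"},
]


def build_filter_vulnerable(raw):
    """{'name': value} where value is whatever the request decoded to.
    A JSON body can make it a dict such as {"$ne": ""}, which MongoDB then
    treats as a query operator, not as a name."""
    return {"name": raw}


def build_where_vulnerable(raw: str) -> dict:
    """String concatenation into $where: JavaScript injection, the NoSQL
    analogue of classic SQL injection."""
    return {"$where": "this.name == '" + raw + "'"}


def build_filter_safe(raw) -> dict:
    """Only a str may become the value, so the user can never supply an
    operator; equality needs no $where at all."""
    if not isinstance(raw, str):
        raise TypeError("name must be a string")
    return {"name": raw}


def matches(doc: dict, flt: dict) -> bool:
    """Minimal evaluator: equality plus the $ne and $regex operators."""
    for field, cond in flt.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op == "$ne":
                    if value == arg:
                        return False
                elif op == "$regex":
                    if not (isinstance(value, str) and re.search(arg, value)):
                        return False
                else:
                    raise ValueError(f"operator not modelled: {op}")
        elif value != cond:
            return False
    return True


def find(flt: dict) -> list:
    return [d for d in DOCS if matches(d, flt)]


def handle_request(body: str, safe: bool) -> list:
    """body is the raw JSON request; returns the names that match."""
    raw = json.loads(body)["name"]
    flt = build_filter_safe(raw) if safe else build_filter_vulnerable(raw)
    return [d["name"] for d in find(flt)]


def safe_rejects(body: str) -> bool:
    """True when the type check refuses the request body."""
    try:
        handle_request(body, safe=True)
    except TypeError:
        return True
    return False
```

With `cgi`-style `form.getvalue()` the value is usually already a string, but any JSON or nested-form parser hands back dicts and lists, so the `isinstance` check belongs at the boundary regardless of today's parser.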