2020-07-15 15:43:14 +00:00
|
|
|
# Python
|
|
|
|
|
|
|
|
## Server using python
|
|
|
|
|
|
|
|
test a possible **code execution**, using the function _str\(\)_:
|
|
|
|
|
|
|
|
```python
|
|
|
|
"+str(True)+" #If the string True is printed, then it is vulnerable
|
|
|
|
```
|
|
|
|
|
2021-06-26 13:01:09 +00:00
|
|
|
### Tricks
|
2020-07-15 15:43:14 +00:00
|
|
|
|
2021-06-26 13:01:09 +00:00
|
|
|
{% page-ref page="../../misc/basic-python/bypass-python-sandboxes.md" %}
|
|
|
|
|
|
|
|
{% page-ref page="../../pentesting-web/ssti-server-side-template-injection/" %}
|
|
|
|
|
|
|
|
{% page-ref page="../../pentesting-web/deserialization/" %}
|
2020-07-15 15:43:14 +00:00
|
|
|
|