hacktricks/network-services-pentesting/pentesting-web/python.md
2024-12-12 11:39:29 +01:00

2.9 KiB

Python

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Server using python

test a possible code execution, using the function str():

"+str(True)+" #If the string True is printed, then it is vulnerable

Tricks

{% content-ref url="../../generic-methodologies-and-resources/python/bypass-python-sandboxes/" %} bypass-python-sandboxes {% endcontent-ref %}

{% content-ref url="../../pentesting-web/ssti-server-side-template-injection/" %} ssti-server-side-template-injection {% endcontent-ref %}

{% content-ref url="../../pentesting-web/deserialization/" %} deserialization {% endcontent-ref %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}