PyCodeInjectionShell - 自动Python代

2017-06-19 本文已影响75人一点也不想吃辣

参考：https://github.com/sethsec/PyCodeInjection

PyCodeInjection项目包含两个主要组件：

PyCodeInjectionShell - 一种利用基于Web应用程序的Python代码注入的工具
PyCodeInjectionApp - 一种易受Python代码注入攻击的Web应用程序

安装：

git clone https://github.com/sethsec/PyCodeInjection.git /opt/PythonCodeInjection

cd /opt/PythonCodeInjection/VulnApp
./install_requirements.sh

使用案例：

root@playground:/opt/PyCodeInjection/VulnApp# python PyCodeInjectionApp.py
http://0.0.0.0:8080/
192.168.81.1:12637 - - [02/Nov/2016 22:02:28] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12639 - - [02/Nov/2016 22:02:37] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12640 - - [02/Nov/2016 22:02:38] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12641 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12642 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK

PyCodeInjectionShell - 自动Python代

猜你喜欢

热点阅读