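Copyright notice: when reposting, please credit the source: http://blog.csdn.net/dajitui2024 https://blog.csdn.net/dajitui2024/article/details/79396461
Reference: https://github.com/sethsec/PyCodeInjection
The PyCodeInjection project contains two main components:
PyCodeInjectionShell - a tool for exploiting Python code injection in web-based applications
PyCodeInjectionApp - a web application that is vulnerable to Python code injection
Installation: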
git clone https://github.com/sethsec/PyCodeInjection.git /opt/PythonCodeInjection
cd /opt/PythonCodeInjection/VulnApp
./install_requirements.sh
Usage example:
root@playground:/opt/PyCodeInjection/VulnApp# python PyCodeInjectionApp.py
http://0.0.0.0:8080/
192.168.81.1:12637 - - [02/Nov/2016 22:02:28] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12639 - - [02/Nov/2016 22:02:37] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12640 - - [02/Nov/2016 22:02:38] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12641 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK
192.168.81.1:12642 - - [02/Nov/2016 22:02:39] "HTTP/1.1 POST /pyinject" - 200 OK