Exploitable Python Functions
Question
This question is similar to Exploitable PHP functions.
Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then you have a vulnerability. For instance a function that executes a SQL query is a sink, and GET/POST variables are sources of taint.
What are all of the sink functions in Python? I am looking for functions that introduce a vulnerability or software weakness. I am particularly interested in Remote Code Execution vulnerabilities. Are there whole classes/modules that contain dangerous functionality? Do you have any examples of interesting Python vulnerabilities?
Recommended answer
eval and exec are the classics. However, open and file can be abused too:
open('/proc/kcore', 'w').write('0' * 1000 * 1000 * 1000)
Then there are the os, sys, subprocess, and dircache modules. Pretty much anything that touches the filesystem or can be used to turn data into executable code (like os.system) is going to be on the list.
As S. Lott pointed out in the comments, writing to the filesystem and executing arbitrary external programs aren't Python-specific. However, they are worth security auditors' consideration. Most of these functions can be safely used without too much concern for security. eval and exec, on the other hand, are great big red flags. Using them safely requires meticulous care.