Questions tagged [python]
High-level dynamic language developed by Guido van Rossum, particularly popular for server-side web programming and scripting.
423 questions
2
votes
1
answer
206
views
Jinja2: safe from XSS/SSTI if using select_autoescape and context dictionary?
In a FlaskRestX API for an e-commerce site, I use jinja2 to generate a HTML template (to create a PDF purchase receipt). After reading the docs, and asking various AI models, I am still not convinced ...
2
votes
0
answers
211
views
How to do a bufferoverflow attack for a simple C program?
Consider the following simple C program that asks the user for to input their user name and password in order to get access to some website. (The correct username is supposed to be "admin" ...
- 121
0
votes
0
answers
114
views
How to exploit Python script and sudo subprocess shared file handle?
I am wondering what attacks would be theoretically possible against a Python script that executes a subprocess involving sudo. I know that asking for the sudo password using input() or getpass(), then ...
5
votes
2
answers
2k
views
What's a good way to append a nonce to ciphertext in Python for AES GCM in Python?
I'm not a security expert, so please excuse this question if it's silly, but I would really like an answer. I am using AES GCM to encrypt and would like to combine the randomly generated nonce with ...
- 53
1
vote
0
answers
198
views
Race condition in Python [closed]
I am trying to teach my students about race conditions on the web, and for that purpose, I am using a simple bank example, in which we transfer an amount from person A to Person B's account. If we use ...
- 343
1
vote
1
answer
140
views
How can I prevent msfvenom Python payloads from forking without manually decoding the payload?
I am generating a Python payload using msfvenom with the following command:
msfvenom -p python/meterpreter_reverse_tcp -f raw --platform python -e generic/none -a python LHOST=192.168.173.137 LPORT=...
- 21
1
vote
1
answer
302
views
CodeQL: How to resolve partial Server-Side Request Forgery warning when taking user-based input as a FastAPI endpoint?
I am cross-posting here on Information Security as well to request input on the security of the Python code I've written and whether it can be considered a false positive.
I'm writing a function to ...
2
votes
2
answers
293
views
How do I capture HTTPS requests with Python if I have full access to the user's computer
Before any of you answer, "HTTPS is built on top of TLS and everything is encrypted"
I need to specify a very important note: I have FULL access to the client's machine (Windows)
My ...
- 21
1
vote
0
answers
65
views
Are libc security vulnerabilities in a Python web application actually exploitable in a private cloud environment?
We use a Python web framework and gunicornlibrary on top of Docker to power a web application with a frontend in a private cloud that can be accessed by a private network. Our security tools report ...
- 63
4
votes
2
answers
2k
views
Securing HTTP File Transfer over local network
My intention is to transfer files between a computer and a cell phone in the same network. I have created a system consisting of two apps for this purpose (everyone should be able to use the apps): ...
- 41
1
vote
0
answers
143
views
Log REST API calls in the most auditable way
I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
I need to download data regularly from a third-party provider, and it ...
- 11
1
vote
0
answers
74
views
Looking for feedback and advise on security of my application [closed]
I have built a secure password management application using python. From my understanding I have completed the implementation in a secure manner. I would like to see if there are any flaws in my ...
- 13
0
votes
0
answers
43
views
Python os.system() does not change EUID to 0, but os.execl() does, why? [duplicate]
I was working on a Capture the Flag (CTF) challenge that involved a setuid-enabled binary, '/usr/bin/python', where the owner is 'root.' I assumed the user was "www-data", with UID=33.
The ...
1
vote
0
answers
532
views
Buffer Overflow shell
I'm trying to exploit the code posted by ir0nstone at this link. I followed any of the steps listed in the tutorial, but Address space layout randomization (ASLR) is not enabled on my machine. When I ...
- 11
1
vote
2
answers
3k
views
How to resolve server-side request forgery (SSRF) warning for a HTTP request that takes Python package names as input?
I'm working on a function that returns a HTTP response from https://pypi.org/simple/ when Python's pip installer requests it for a package. When pushing my code onto GitHub, the CodeQL checks warn of ...