RCE in Pyspider

Today i read one articles about exploit debug mode in Werkzeug. It old, but very interesting. When i try to find website in shodan, i found 30s website use pyspider. Pyspider is python opensource, you can download and install it from: https://github.com/binux/pyspider
It had one problem, it not authentication. Anyone can access.

When click to one process, you can go to debug mode. And you can edit python code. So, you can use it to run code execute. It is RCE.


This is my POC:
       import subprocess
        p = subprocess.Popen(["id","-m"], stdout=subprocess.PIPE)
        output, err = p.communicate()
        print(output)

----------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.

Comments

Popular posts from this blog

Python - Multithread to read one file

Install Xposed Inspector and Frida on Genymotion

OpenCA tutorial