Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Photographer portfolio website powered by Django Framework. Features photo gallery with infinite scrolling, tagging, thumbnail generation and CMS for creating pages. Configured for Heroku and S3.

Stars: ✭ 19 (-97.94%)

Mutual labels: django

Django Analytical

Analytics services for Django projects

Stars: ✭ 891 (-3.26%)

Mutual labels: django

Campus42

Website that allows 42 Silicon Valley students to find each other on the map

Stars: ✭ 17 (-98.15%)

Mutual labels: django

Django Sitecats

Django reusable application for content categorization.

Stars: ✭ 18 (-98.05%)

Mutual labels: django

Django Oidc Rp

A server side OpenID Connect Relying Party (RP, Client) implementation for Django.

Stars: ✭ 16 (-98.26%)

Mutual labels: django

Django2.0 Tutorial

Django2.0 Tutorial [1|2|3|4|5|6|7] Source Code

Stars: ✭ 19 (-97.94%)

Mutual labels: django

Django Mypy

A django project to show use of mypy

Stars: ✭ 7 (-99.24%)

Mutual labels: django

Django2.0 Course

Django2.0视频教程相关代码（杨仕航）

Stars: ✭ 897 (-2.61%)

Mutual labels: django

Django Uwsgi Taskmanager

Django application to monitor and manage long and/or recurring tasks through uWSGI.

Stars: ✭ 22 (-97.61%)

Mutual labels: django

Django Source

django 源码剖析

Stars: ✭ 20 (-97.83%)

Mutual labels: django

Django Phantom Theme

Phantom is theme for django admin with many widgets, based on Twitter bootstrap 3.x.

Stars: ✭ 18 (-98.05%)

Mutual labels: django

View All Similar Projects ➔

代码注入、命令执行

1.内置危险函数
exec
execfile
eval

2.标准库危险模块
os
subprocess
commands

3.危险第三方库
Template(user_input) : 模板注入(SSTI)所产生的代码执行
subprocess32 

4.反序列化
marshal
PyYAML
pickle和cpickle
shelve
PIL
unzip

Python沙箱逃逸的n种姿势

禁用import的情况下绕过python沙箱

Escaping the Python Sandbox

Python Sandbox Bypass

Python之数据序列化（json、pickle、shelve）

Exploiting Python PIL Module Command Execution Vulnerability

Exploiting Python Code Injection in Web Applications

EXPLOITING PYTHON CODE INJECTION IN WEB APPLICATIONS

Python eval的常见错误封装及利用原理

Exploiting Python’s Eval

Exploiting insecure file extraction in Python for code execution

掌阅iReader某站Python漏洞挖掘

Python Pickle的任意代码执行漏洞实践和Payload构造

django的secret key泄漏导致的命令执行实践

Remote Code Execution on a Facebook server

Python PyYAML反序列化漏洞实验和payload构造

Exploiting Python Deserialization Vulnerabilities

Shellcoding in Python’s serialisation format

PyCodeInjection代码注入实验环境

Exploiting Python Code Injection in Web Applications （翻译版）

Numpy反序列化命令执行(CVE-2019-6446)浅析

paper

Python_Hack_知道创宇_北北(孙博).pdf

其他

如何判断目标站点是否为Django开发

Supervisord远程命令执行漏洞（CVE-2017-11610）

python富文本XSS过滤器

基于mezzanine的攻防比赛环境搭建及XXE漏洞构造/

Python Waf黑名单过滤下的一些Bypass思路

Pwnhub Web题Classroom题解与分析

Programming Secure Web Applications in Python

[CVE-2016-5699] HTTP Header Injection in Python urllib 同 http://www.anquan.us/static/drops/papers-16905.html

[CVE-2019-9740] Python urllib CRLF injection vulnerability 同 https://xz.aliyun.com/t/5123

Hack Redis via Python urllib HTTP Header Injection

【技术分享】python web 安全总结

安全工具

python正向连接后门

struts2 S2-016/S2-017 Python GetShell

Python多线程端口扫描工具

Python JSON Fuzzer: PyJFuzz

https://github.com/smartFlash/pySecurity

对象注入、底层安全

DEFENCELY CLARIFIES PYTHON OBJECT INJECTION EXPLOITATION

OWASP Python Security Project

Escaping a Python sandbox with a memory corruption bug

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 921

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

bit4woo / Python_sec

Programming Languages

Labels

Projects that are alternatives of or similar to Python sec

代码注入、命令执行

代码审计

Django相关

package钓鱼

LDAP注入

SSRF

XSS

SQLI

SSTI模版注入

python webshell

paper

其他

安全工具

对象注入、底层安全