A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
[loggers]
keys=root
[handlers]
keys=stream_handler
[formatters]
keys=formatter
[logger_root]
** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."
This Tinyscript-based tool generates a string from a given alphabet whose hash matches the format used for type juggling in PHP, that is, when a loose comparison of the type ("0e12345" == ...) is used.
This can be installed using:
$ pip install tinyscript
$ tsm install loose-comparison-input-generator
This Tinyscript-based tool loads an email and parses the receivers, indicating where the IP addresses found originate from.
This can be installed using:
$ pip install ipaddress mail_parser maxminddb-geolite2 tinyscript
$ tsm install get-email-origin
This Tinyscript-based tool aims to generate preview images of an input PDF (e.g. a book).
This can be installed using:
$ pip install pdf2image tinyscript
$ tsm install pdf-preview-generator
This Tinyscript-based tool decompresses a STIX XML file and outputs it as a PDF using pdfkit.
This can be installed using:
$ pip install bs4 pdfkit tinyscript
$ tsm install stix-reports-to-pdf
# Custom git repos update function
git-repos-update() {
  local currdir=$(pwd)
  for root in /opt ~/.opt; do
    for D in $root/*; do
      if [ -d "${D}" ]; then
        cd "${D}"
        cat .git/config 2>/dev/null | \
          grep url | \
          cut -d" " -f 3 && \
This Tinyscript-based tool recovers data hidden in base32/base64 strings. It can take a PNG or JPG as input to retrieve an EXIF value as the input data.
This can be installed using:
$ pip install tinyscript
$ tsm install paddinganograph
This Tinyscript-based tool applies steganography based on PIT (Pixel Indicator Technique) to retrieve hidden data from an image.
$ pip install tinyscript
$ tsm install stegopit