示例#1
    def handle(self, attack_event):
        """Answer a request as a PHP-CGI endpoint that reads switches from the query string.

        The request parameters are matched against the ``php`` command-line
        switches ``-s``, ``-w`` and ``-d`` and a canned or sandboxed response
        is stored on ``attack_event.response``:

        * ``-s`` / ``-s+%3d``: the fake script as syntax-highlighted HTML.
        * ``-w`` / ``-w+%3d``: the fake script as stripped source text.
        * POST carrying ``-d`` and ``auto_prepend_file=php://input``: the
          request body is stored via ``self.store_file`` and the stored file
          is handed to ``sandbox.run``.
        * anything else: the stripped source text.

        Returns the same ``attack_event`` object in every case.
        """
        # Canned `php -s` output (HTML syntax highlighted source).
        highlighted_source = (
            '<code><span style="color: #000000">\n'
            '<span style="color: #0000BB">&lt;?php<br />page&nbsp;</span>'
            '<span style="color: #007700">=&nbsp;</span>'
            '<span style="color: #0000BB">$_GET</span>'
            '<span style="color: #007700">[</span>'
            '<span style="color: #DD0000">\'page\'</span>'
            '<span style="color: #007700">];<br />include(</span>'
            '<span style="color: #0000BB">page</span>'
            '<span style="color: #007700">);<br /></span>'
            '<span style="color: #0000BB">?&gt;<br /></span>\n'
            '</span>'
        )
        # Canned `php -w` output (source with comments and whitespace stripped).
        stripped_source = (
            "<?php\n"
            "page = $_GET['page']; include(page); ?>"
        )

        request = attack_event.parsed_request
        switches = request.parameters

        if switches == '-s' or switches == '-s+%3d':
            attack_event.response = highlighted_source
        elif switches == '-w' or switches == '-w+%3d':
            attack_event.response = stripped_source
        elif (request.method == 'POST'
              and 'auto_prepend_file=php://input' in switches
              and '-d' in switches):
            # Code-execution attempt: the POST body is whatever the client
            # sent, so it is only stored and passed to the sandbox here.
            # The original comment says store_file saves the payload under
            # its md5 checksum; that helper is not visible from this method.
            # TODO verify if it's a valid PHP code?
            stored_payload = self.store_file(request.body)
            attack_event.response = sandbox.run(stored_payload)
        else:
            # No recognised switch: show the vulnerable-looking source.
            attack_event.response = stripped_source

        return attack_event
示例#2
文件: rfi.py 项目: chiehwen/glastopf
 def handle(self, attack_event):
     """Fetch the file a request points at and append the sandbox output.

     For a GET request the request URL is passed to ``self.download_file``
     and the result is stored in ``attack_event.file_name``. POST requests
     are accepted but nothing is downloaded for them. If
     ``attack_event.file_name`` ends up truthy, the output of
     ``sandbox.run`` for that file is appended to ``attack_event.response``.

     Returns the same ``attack_event`` object.
     """
     request = attack_event.parsed_request
     verb = request.method

     if verb == 'GET':
         # NOTE(review): the URL comes straight from the client request;
         # confirm download_file limits schemes and destinations so the
         # fetch cannot be aimed at internal services.
         attack_event.file_name = self.download_file(request.url)
     elif verb == 'POST':
         # FIXME: I don't think this is going to work...
         # Disabled in the original: download_file(request.body).
         pass

     fetched = attack_event.file_name
     if fetched:
         attack_event.response += sandbox.run(fetched)
     return attack_event