pyLoad js2py Python Execution

Posted by deepcore on February 22, 2023 – 11:38 pm

Last Updated on February 22, 2023 by deepcore

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and can not be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Sales Tracker System 1.0 SQL Injection pyLoad js2py Python Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

pyLoad js2py Python Execution

Post a reply

Tabs Switcher

Archives

Meta

BLOGROLL