Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-1629 PoC — Python pip安装模块安全漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80%E6%BC%8F%E6%B4%9E/Python%20pip%20install%20RCE%20%E6%BC%8F%E6%B4%9E%20CVE-2013-1629.md
Associated Vulnerability
Title:Python pip安装模块安全漏洞 (CVE-2013-1629)
Description:Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。pip是一款用于安装和管理Python软件包的工具。 Python的pip安装模块1.2.1及之前的版本中存在安全漏洞,该漏洞源于程序使用HTTP协议对PyPl存储库中的程序包进行检索时,没有对其内容进行完整性检查。中间人攻击者可通过‘pip install’操作利用该漏洞执行任意代码。
File Snapshot

 # Python pip install RCE 漏洞 CVE-2013-1629

## 漏洞描述

当通过 HTTP 从 Pypi 存储库检索包时,不会检查包内容的完整性。利用这个缺陷,攻击者可以

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.