import requests
import string
import random
import socket
1- SSRF to FTP through the avatar parameter on /login
2- Abuse the CRLF injection in Python urllib to inject FTP commands
3- Make a BSON serialization payload and set the session value to a pickle serialization to gain RCE
Sp3eD-X /
Last active Mar 15, 2021
PoC for CVE-2020-22550
import requests
import base64
import zipfile
import io
import sys
import argparse
class Args(object):
    def __init__(self):
        self.parser = argparse.ArgumentParser()