Today i read one articles about exploit debug mode in Werkzeug. It old, but very interesting. When i try to find website in shodan, i found 30s website use pyspider. Pyspider is python opensource, you can download and install it from: <a href="https://github.com/binux/pyspider" class="autolinkedURL autolinkedURL-url" target="_blank">github.com/binux/pyspider</a> It had one problem, it not authentication. Anyone can access. 
<a target="_blank" href="https://2.bp.blogspot.com/-ZF5tlEOBpbY/V87oDg41FXI/AAAAAAAABwA/rLkf7zLYMrApo8elZEaq3MGyN0OidmLIQCLcB/s1600/1.png"><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1676120669976/91af45d6-154a-45fa-98bf-f78839c696f2.png" alt /></a>
When click to one process, you can go to debug mode. And you can edit python code. So, you can use it to run code execute. It is RCE. 
<a target="_blank" href="https://1.bp.blogspot.com/-RIVTKygCZWA/V87oabZg2gI/AAAAAAAABwE/sLsQx4M4_vowNE_s_MNH1RuZwyJ7ypN0gCLcB/s1600/2.png"><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1676120672330/e633eb0e-8b4f-47a3-8a0d-269f3973ac9a.png" alt /></a>
This is my POC: 
<blockquote>
 import subprocess p = subprocess.Popen(["id","-m"], stdout=subprocess.PIPE) output, err = p.communicate() print(output)
</blockquote>
----------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.
Nam Habach


Today i read one articles about exploit debug mode in Werkzeug. It old, but very interesting. When i try to find website in shodan, i found 30s website use pyspider. Pyspider is python opensource, you can download and install it from: https://github.com/binux/pyspider  
It had one problem, it not authentication. Anyone can access.  

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1676120669976/91af45d6-154a-45fa-98bf-f78839c696f2.png)](https://2.bp.blogspot.com/-ZF5tlEOBpbY/V87oDg41FXI/AAAAAAAABwA/rLkf7zLYMrApo8elZEaq3MGyN0OidmLIQCLcB/s1600/1.png)

  
When click to one process, you can go to debug mode. And you can edit python code. So, you can use it to run code execute. It is RCE.  
  

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1676120672330/e633eb0e-8b4f-47a3-8a0d-269f3973ac9a.png)](https://1.bp.blogspot.com/-RIVTKygCZWA/V87oabZg2gI/AAAAAAAABwE/sLsQx4M4_vowNE_s_MNH1RuZwyJ7ypN0gCLcB/s1600/2.png)

  
This is my POC:  

>        import subprocess  
>         p = subprocess.Popen(\["id","-m"\], stdout=subprocess.PIPE)  
>         output, err = p.communicate()  
>         print(output)

  

\----------------------------------------------------------

Thanks for reading

\--------------------------------------------------------------------------

Security Research

SecurityLab - Linux Lab -- Window and Cisco Lab

to be continued - I will update more.

Nam Habach

RCE in Pyspider