python-catalin: vulnerability

Showing posts with label vulnerability. Show all posts

Showing posts with label vulnerability. Show all posts

Thursday, February 23, 2017

The bad and good urllib.

This is a simple python script:

import urllib
opener = urllib.FancyURLopener({})
f = opener.open("http://www.ra___aer.ro/")
d=f.read()
fo = open('workfile.txt', 'w')
fo.write(d)
fo.close()

The really bad news comes from here:
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

Subscribe to: Comments (Atom)