python-code-injection
OfficialExecute Python code in web apps.
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses the critical security vulnerability of Python code injection, allowing you to exploit flaws in web applications where user input is evaluated directly by Python's eval(), exec(), or compile() functions.
Core Features & Use Cases
- Vulnerability Confirmation: Precisely identify and confirm Python code injection flaws, distinguishing them from OS command injection and Server-Side Template Injection (SSTI).
- Exploitation: Execute arbitrary Python code and escalate to OS command execution through various injection contexts (string interpolation, direct evaluation, etc.).
- Payload Generation: Provides a comprehensive set of payloads for command execution, reverse shells, and data exfiltration, including techniques for bypassing filters and restricted built-ins.
- Use Case: A penetration tester discovers that a web application's search functionality passes user input directly to
eval(). This Skill enables them to confirm the vulnerability, execute commands likeidorwhoami, and potentially gain a reverse shell on the target server.
Quick Start
Use the python-code-injection skill to confirm code injection by evaluating the expression '7*7'.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: python-code-injection Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#python-code-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.