Server Side Request Forgery
- Can reach services bound to localhost: the server makes the request, so its own loopback interface is in scope.
- Can reach other hosts in the DMZ or internal network that the attacker cannot route to directly.
- Can bypass host-based authentication (trust by source IP), since the request arrives from the trusted server.
Python urllib (urllib.request.urlopen) accepts file:// URLs, so an attacker-controlled URL can read local files.
pycurl (libcurl) accepts gopher://, which lets the attacker send near-arbitrary bytes to a TCP port, i.e. speak other protocols to internal services.
Preventing: a blacklist of hosts or IPs is error prone (alternate IP encodings such as decimal or hex, IPv6 and IPv4-mapped forms, DNS names that resolve to internal addresses, redirects, DNS rebinding). Prefer an allowlist of schemes and destinations, resolve the hostname yourself and check the resulting IP before connecting.
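Added example (not from the notes): a Python check for user-supplied outbound URLs that allowlists schemes, resolves the host and rejects anything that lands on a non-public address. The `resolver` parameter and the fake resolution of example.com to 8.8.8.8 in the usage are assumptions so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # file://, gopher://, ftp:// etc. are refused


class UnsafeURL(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def _is_public(addr):
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply.
    mapped = getattr(addr, "ipv4_mapped", None)
    target = mapped if mapped is not None else addr
    # is_global is False for loopback, RFC 1918, link-local (169.254/16,
    # i.e. cloud metadata), multicast, reserved and unspecified addresses.
    return target.is_global


def check_outbound_url(url, resolver=socket.getaddrinfo):
    """Return the public IP to connect to, or raise UnsafeURL.

    resolver is injectable (assumption for testing); production uses
    socket.getaddrinfo. Every resolved address must be public, otherwise a
    name with mixed A records could be used to reach an internal host.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # http://trusted.example@evil.example/ confuses naive host checks
        raise UnsafeURL("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    try:
        infos = resolver(host, None)
        addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    except (socket.gaierror, ValueError) as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from None
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    for addr in addrs:
        if not _is_public(addr):
            raise UnsafeURL(f"{host!r} resolves to non-public address {addr}")
    # Pin one checked address; the caller connects to it and sends Host: host,
    # so a second lookup inside the HTTP library cannot be rebound elsewhere.
    return str(sorted(addrs, key=str)[0])


def _fake_resolver(host, port):
    # Constructed DNS answer for offline use: example.com -> 8.8.8.8 (assumption).
    if host == "example.com":
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("8.8.8.8", 0))]
    return socket.getaddrinfo(host, port)


if __name__ == "__main__":
    for candidate in ("file:///etc/passwd", "gopher://127.0.0.1:6379/",
                      "http://127.0.0.1:8080/admin", "http://[::1]/",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://example.com/"):
        try:
            print(candidate, "->", check_outbound_url(candidate, _fake_resolver))
        except UnsafeURL as exc:
            print(candidate, "-> refused:", exc)
```

Two caveats the check alone does not cover: urllib and libcurl follow redirects by default, so either disable redirects or run the check again on every Location target; and the check is only meaningful if the connection really goes to the returned IP (rebinding between check and connect is otherwise still possible).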
XML External Entity (XXE):
Signed cookies - session data is visible to the user. The signature (e.g. an HMAC) stops tampering but gives no confidentiality: anyone holding the cookie can base64-decode the body and read it, so keep secrets out of it.
Also, a signature does not stop replay: if the cookie records that a discount has been applied, the user can keep that cookie and present it again to reapply the discount. Fix: issue a unique number each time a discount is granted, keep it server-side, and mark it used when it is redeemed.
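Added example covering both points above (not from the notes): an HMAC-signed cookie whose body anyone can read, a forged cookie that fails verification, and a server-side ledger of unique discount numbers that makes replaying an old signed cookie fail. The key, field names and `DiscountLedger` are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed server-side key for the demo; a real deployment loads it from config.
COOKIE_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(session: dict, key: bytes = COOKIE_KEY) -> str:
    """Serialize session as base64(JSON) '.' hex(HMAC-SHA256 over the base64)."""
    body = _b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def peek_cookie(cookie: str) -> dict:
    """What anyone holding the cookie can read: no key needed."""
    body, _, _tag = cookie.rpartition(".")
    return json.loads(base64.urlsafe_b64decode(body))


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY):
    """Return the session if the tag is valid, else None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def forge_cookie(cookie: str, **changes) -> str:
    """Attacker edits the visible body and keeps the old tag (will not verify)."""
    session = peek_cookie(cookie)
    session.update(changes)
    body = _b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    return f"{body}.{cookie.rpartition('.')[2]}"


class DiscountLedger:
    """Server-side set of discount numbers that have been granted but not used."""

    def __init__(self):
        self._unused = set()

    def issue(self) -> str:
        number = secrets.token_hex(8)   # fresh, unguessable number per grant
        self._unused.add(number)
        return number

    def redeem(self, number: str) -> bool:
        if number in self._unused:
            self._unused.remove(number)   # second presentation of the cookie fails here
            return True
        return False


def checkout(cookie: str, ledger: DiscountLedger, key: bytes = COOKIE_KEY) -> int:
    """Price to charge, in cents; raises ValueError on tampering or replay."""
    session = verify_cookie(cookie, key)
    if session is None:
        raise ValueError("cookie signature invalid")
    price = int(session["price"])
    number = session.get("discount_number")
    if number is not None:
        if not ledger.redeem(number):
            raise ValueError("discount number already used or unknown (replay)")
        price = price * (100 - int(session["discount_pct"])) // 100
    return price


if __name__ == "__main__":
    ledger = DiscountLedger()
    cookie = sign_cookie({"user": "alice", "price": 1000,
                          "discount_pct": 50, "discount_number": ledger.issue()})
    print("user can read:", peek_cookie(cookie))
    print("first checkout:", checkout(cookie, ledger))
    try:
        checkout(cookie, ledger)
    except ValueError as exc:
        print("replayed cookie:", exc)
```

The signature covers the base64 body, not the decoded JSON, so there is no parse-then-verify window; the ledger is what turns the cookie's "discount applied" flag from a replayable claim into a one-time token.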
Don’t use pickle to deserialize untrusted data: pickle.loads executes arbitrary code, because the stream itself names the callable to run (an attacker's object supplies it via __reduce__). Use JSON instead, and validate the shape of what you decode.
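Added example (not from the notes): a crafted pickle whose unpickling runs a callable of the attacker's choosing, beside a JSON-based loader that rejects it. `tempfile.mkdtemp` stands in for a dangerous callable so the effect is harmless but observable; the session field names are assumptions.

```python
import json
import os
import pickle
import tempfile


class MaliciousPayload:
    """Attacker-crafted object: unpickling runs whatever __reduce__ names.

    tempfile.mkdtemp is a harmless, observable stand-in for os.system or
    similar. The pickle stream records only the callable's module and name
    plus its arguments, so the victim never needs this class to exist.
    """

    def __reduce__(self):
        return (tempfile.mkdtemp, ("_pickle_rce_demo",))


def build_payload() -> bytes:
    """What the attacker sends; contains b'tempfile' / b'mkdtemp', not this class."""
    return pickle.dumps(MaliciousPayload())


def unsafe_load(blob: bytes):
    # Vulnerable: pickle.loads calls the function the stream names.
    return pickle.loads(blob)


def safe_load_session(blob: bytes) -> dict:
    """Replacement: JSON plus a shape check. A pickle stream is rejected."""
    try:
        obj = json.loads(blob.decode("utf-8"))
    except ValueError as exc:             # UnicodeDecodeError and JSONDecodeError
        raise ValueError(f"not a JSON session: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError("session must be a JSON object")
    if not isinstance(obj.get("user"), str) or not isinstance(obj.get("cart"), list):
        raise ValueError("session has unexpected shape")
    return obj


if __name__ == "__main__":
    payload = build_payload()
    created = unsafe_load(payload)
    print("pickle.loads created a directory:", os.path.isdir(created), created)
    os.rmdir(created)
    try:
        safe_load_session(payload)
    except ValueError as exc:
        print("json loader refused it:", exc)
    print(safe_load_session(b'{"user": "alice", "cart": ["sku-1"]}'))
```

JSON can only produce dicts, lists, strings, numbers, booleans and null, so the worst a malformed input can do is fail the shape check; there is no equivalent of __reduce__ to reach a callable.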
Pentesting challenges: http://tinyurl.com/h4ckit