python docx

Willis Vandevanter edited this page May 5, 2023 · 2 revisions

Build the vulnerable code and start the container

The vulnerable Docker container is in ./test/python-docx-vulnerable:

cd ./test/python-docx-vulnerable
docker build --tag pdocx .
docker run --rm -d -p 5000:5000 --name pdocx pdocx

Build the exploit docx

The following example build creates a docx that makes the vulnerable application output the contents of /etc/passwd:

[Screenshot from 2023-05-05 07-03-48]

Use the test script to upload the file

The test directory has a simple script to upload your exploit file.

ruby test/upload_file_to_endpoint.rb output/output_1683284041_all_rr.docx

The contents of /etc/passwd from inside the container should be displayed in the response.

[Screenshot from 2023-05-05 07-06-19]
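
A pre-parse check that a service accepting docx uploads, like the one in this walkthrough, could run before handing the file to its parser. This is an added example, not part of the original page or the project's code. It assumes the exploit document works by declaring a DTD in one of its XML parts (the page does not state the mechanism); `find_dtd_parts` and the sample packages are constructed for illustration.

```python
import io
import zipfile

# Markers of a DTD; legitimate OOXML parts do not declare one.
_MARKERS = ("<!DOCTYPE", "<!ENTITY")
# Check the encodings an XML part may use, so a UTF-16 part is not missed.
_ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")
_XML_SUFFIXES = (".xml", ".rels")


def find_dtd_parts(docx_bytes):
    """Return sorted names of XML parts in the package that contain a DTD marker."""
    needles = [m.encode(enc) for m in _MARKERS for enc in _ENCODINGS]
    flagged = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(_XML_SUFFIXES):
                continue
            data = pkg.read(info)
            if any(n in data for n in needles):
                flagged.append(info.filename)
    return sorted(flagged)


def _make_docx(document_xml):
    """Build a minimal constructed package in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        pkg.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples: one clean part, one declaring a harmless internal entity.
CLEAN = _make_docx('<?xml version="1.0"?><document><p>hello</p></document>')
SUSPECT = _make_docx(
    '<?xml version="1.0"?><!DOCTYPE d [<!ENTITY e "x">]><document><p>&e;</p></document>'
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, find_dtd_parts(blob))
```

Rejecting flagged uploads complements, and does not replace, configuring the XML parser to refuse DTDs and external entities.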