A practical handbook for discovering, understanding, and exploiting Python-related vulnerabilities: internals, sandboxes, deserialization, the import system, and the package ecosystem. 2026-06-16T19:49:28+00:00 https://pyfu.io/ Mohammad Askar https://pyfu.io/core-python-concepts/python-introspection/ 2026-06-11T00:00:00+00:00

In Python, introspection is the ability to examine the properties of objects at runtime. Since everything in Python is an object including functions, classes, modules, and even types themselves, in...

https://pyfu.io/core-python-concepts/python-magic-methods-and-attributes/ 2026-06-11T00:00:00+00:00

Python magic methods, also called dunder methods which is short for double underscore, are special functions that allow developers to define how objects behave under various operations.

https://pyfu.io/core-python-concepts/python-object-model-and-mro/ 2026-06-12T00:00:00+00:00

Everything in Python is an object, and every object knows its class, its class knows its parents, and the chain of parents always ends at a single root: object. That chain is the connective tissue ...

https://pyfu.io/core-python-concepts/python-packages/ 2026-06-11T00:00:00+00:00

In Python, a package is a way of structuring and organizing related modules (Python files) under a common namespace; This makes it easier to manage, distribute, and reuse code across different part...

https://pyfu.io/core-python-concepts/python-type-hinting-and-annotations/ 2026-06-11T00:00:00+00:00

Python is a dynamically typed language, which means variables and function arguments do not require explicit types, the interpreter figures them out at runtime.

https://pyfu.io/core-python-concepts/python-under-the-hood/ 2026-06-11T00:00:00+00:00

Python is an interpreted, high-level programming language, which means that its code is executed directly by an interpreter rather than being compiled into machine-level instructions beforehand.

https://pyfu.io/core-python-concepts/python-virtual-environment/ 2026-06-11T00:00:00+00:00

Python Virtual Environment venv is an isolated environment that allows you to install and manage Python packages independently from the system-wide Python installation.

https://pyfu.io/core-python-concepts/python-web-interfaces/ 2026-06-11T00:00:00+00:00

In Python web development, two major interfaces define how web applications communicate with servers which are:

https://pyfu.io/pyfu-labs/setup-environment-to-practice-pyfu-examples/ 2026-06-12T00:00:00+00:00

PyFu ships with a simple and practical lab environment for practicing Python exploitation techniques. All examples demonstrated throughout PyFu were tested on Ubuntu 24.04 with Python 3.12 to ensur...

https://pyfu.io/pyfu-python-exploitation-handbook/ 2026-06-12T00:00:00+00:00

This is an early release of PyFu! New content will be published on regular basis, if you find anything doesn’t look right please send me an email at askar[@]pyfu[.]io

https://pyfu.io/python-based-vulnerabilities-anatomy/command-injection/python-command-injection/ 2026-06-12T00:00:00+00:00

Python command injection: the shell-invoking sinks (os.system, os.popen, subprocess shell=True) and how user input breaks out of the intended command.

https://pyfu.io/python-based-vulnerabilities-anatomy/dynamic-code-execution/insecure-dynamic-code-evaluation-and-execution-in-python/ 2026-06-11T00:00:00+00:00

Python provides the ability to dynamically evaluate and execute expressions at runtime using the built-in eval() function.

https://pyfu.io/python-based-vulnerabilities-anatomy/import-system-abuse/import-system-abuse-with-pth-files-and-sys-meta-path/ 2026-06-11T00:00:00+00:00

Python’s import system is far more programmable than the import statement suggests, and that programmability is an attack surface in its own right. Two mechanisms in particular let an attacker run ...

https://pyfu.io/python-based-vulnerabilities-anatomy/insecure-deserialization/insecure-deserialization-python-pickle/ 2026-06-12T00:00:00+00:00

Exploit Python pickle deserialization for remote code execution via __reduce__, see where the sink hides (sessions, caches, queues), and how to fix it.

https://pyfu.io/python-based-vulnerabilities-anatomy/insecure-deserialization/insecure-deserialization-python-shelve/ 2026-06-11T00:00:00+00:00

shelve is a built-in Python module that provides persistent storage of Python objects in a dictionary-like interface; Developers can store complex data types without worrying about serialization lo...

https://pyfu.io/python-based-vulnerabilities-anatomy/insecure-deserialization/insecure-deserialization-unsafe-yaml-loading/ 2026-06-12T00:00:00+00:00

Unsafe YAML loading in Python: yaml.load and UnsafeLoader construct arbitrary objects for RCE, and why yaml.safe_load is the fix.

https://pyfu.io/python-based-vulnerabilities-anatomy/insecure-deserialization/serialization-and-deserialization-concept/ 2026-06-11T00:00:00+00:00

Serialization as a Concept

https://pyfu.io/python-based-vulnerabilities-anatomy/object-model-exploitation/walking-the-python-object-graph-with-subclasses/ 2026-06-11T00:00:00+00:00

Almost every Python sandbox escape, pickle gadget, and template-injection RCE you will ever write ends in the same place: walking from some harmless object up to the base object type, enumerating i...

https://pyfu.io/python-based-vulnerabilities-anatomy/path-traversal/insecure-file-access-and-path-traversal-in-python/ 2026-06-12T00:00:00+00:00

Path traversal in Python: how open, os.path.join and pathlib mishandle ../ and absolute paths, why existence checks are not a defense, and how to fix it.

https://pyfu.io/python-based-vulnerabilities-anatomy/python-vulnerability-anatomy/ 2026-06-11T00:00:00+00:00

Python’s greatest strengths as a language are also its broadest attack surface. It is dynamic, interpreted, and deeply introspective: code can build and run more code at runtime, objects can be ser...

https://pyfu.io/python-based-vulnerabilities-anatomy/sandbox-escapes/escaping-python-exec-and-eval-sandboxes/ 2026-06-12T00:00:00+00:00

Escaping Python eval/exec sandboxes: rebuild builtins and climb the object graph to break out of __builtins__-stripped jails, and why sandboxing is brittle.

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/authentication-bypass-via-development-environment-headers-abuse/ 2026-06-11T00:00:00+00:00

This example explain another common authentication vulnerability in Web Python-based applications, where developers introduce a special “developer shortcut” instead of enforcing proper authenticati...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/authentication-bypass-via-unsafe-python-deserialization/ 2026-06-12T00:00:00+00:00

Some applications skip JWTs and signed cookies entirely and store session state by pickling a Python object straight into a cookie. This collapses two problems into one: the privilege-escalation ri...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/broken-access-control-in-fastapi-applications/ 2026-06-12T00:00:00+00:00

Broken access control in FastAPI: one route forgets its Depends() auth guard and is reachable unauthenticated while its siblings are protected, and how to fix it.

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/broken-access-control-in-flask-applications/ 2026-06-12T00:00:00+00:00

This example demonstrates a common access control vulnerability in Flask applications, where some endpoints enforce proper authentication and role-based access, but one sensitive endpoint lacks the...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/business-logic-vulnerabilities-in-fastapi-applications/ 2026-06-12T00:00:00+00:00

Business Logic Vulnerabilities occur when an application’s core functionality can be abused due to flaws in how developers implemented or enforced the intended workflows, rather than due to missing...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/business-logic-vulnerabilities-in-flask-applications/ 2026-06-11T00:00:00+00:00

Business Logic Vulnerabilities occur when an application’s core functionality can be abused due to flaws in how developers implemented or enforced the intended workflows, rather than due to missing...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/authentication-bypass-via-broken-jwt-validation/ 2026-06-12T00:00:00+00:00

In the Introduction to JSON Web Tokens in Python section, we covered how a JWT’s signature is what guarantees its integrity: the server recomputes the HMAC over the header and payload and rejects t...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/authentication-bypass-via-jwt-hardcoded-secret/ 2026-06-12T00:00:00+00:00

As covered in Introduction to JSON Web Tokens in Python, an HS256 token is only as trustworthy as the secret used to sign it. The server proves a token is authentic by recomputing the HMAC with tha...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/cracking-weak-jwt-signing-keys/ 2026-06-11T00:00:00+00:00

When a JWT is signed with HS256 (or any HMAC variant), its entire security rests on the secrecy and entropy of one symmetric key. That key signs and verifies, so anyone who recovers it can mint tok...

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/forging-jwts-with-the-none-algorithm/ 2026-06-12T00:00:00+00:00

Forge JWTs with the alg:none attack: drop the signature, set role to admin, and bypass authentication, plus how to validate algorithms to stop it.

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/introduction-to-json-web-tokens-in-python/ 2026-06-11T00:00:00+00:00

JSON Web Token (JWT) is a widely adopted mechanism for stateless authentication and authorization in modern web applications.

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/jwt-algorithm-confusion-rs256-to-hs256/ 2026-06-12T00:00:00+00:00

JWT algorithm confusion (RS256 to HS256): sign tokens with the public key as an HMAC secret to bypass auth, and how to pin the expected algorithm.

https://pyfu.io/python-based-web-application-attacks/authentication-and-authorization-attacks/jwt-attacks/jwt-header-injection-via-jku-jwk-and-kid/ 2026-06-11T00:00:00+00:00

JWT headers can carry parameters that tell the verifier which key to use, and that is a dangerous amount of trust to place in attacker-controlled data. Three header fields, jwk, jku, and kid, all i...

https://pyfu.io/python-based-web-application-attacks/code-execution-via-dynamic-python-code-invokation/ 2026-06-12T00:00:00+00:00

Dynamic code invocation in Python allows developers to call functions and instantiate classes at runtime using string-based references. While this provides flexibility for plugin systems and config...

https://pyfu.io/python-based-web-application-attacks/exposed-fastapi-documentation-page/ 2026-06-12T00:00:00+00:00

Exposed FastAPI docs: how /docs and /openapi.json leak the full API surface including admin endpoints, and how to lock them down in production.

https://pyfu.io/python-based-web-application-attacks/injection-attacks/prompt-injection-in-python-llm-backends/ 2026-06-12T00:00:00+00:00

Prompt injection in Python LLM backends: hijack model instructions to reach tools and data, including indirect injection, and how to constrain it.

https://pyfu.io/python-based-web-application-attacks/injection-attacks/server-side-template-injection-ssti-in-ai-prompt-templates/ 2026-06-12T00:00:00+00:00

Large Language Model (LLM) applications rarely send raw user input to the model. Instead, they wrap it in a prompt template, a parameterized string that mixes fixed instructions with dynamic values...

https://pyfu.io/python-based-web-application-attacks/injection-attacks/server-side-template-injection-ssti-in-flask-application/ 2026-06-12T00:00:00+00:00

Server-Side Template Injection (SSTI) in Flask/Jinja2: confirm with {{7*7}}, escalate to RCE through the object graph, and keep user input out of templates.

https://pyfu.io/python-based-web-application-attacks/injection-attacks/sql-injection-sqli-in-flask-application/ 2026-06-12T00:00:00+00:00

SQL injection in Flask: exploit string-built queries with UNION and boolean payloads to dump data, then fix it with parameterized queries.

https://pyfu.io/python-based-web-application-attacks/injection-attacks/vanilla-command-injection-in-flask-application/ 2026-06-12T00:00:00+00:00

The Python Command Injection section broke down the individual functions that hand strings to the system shell. This section shows the same flaw in its natural habitat: a real Flask application whe...

https://pyfu.io/python-based-web-application-attacks/injection-attacks/xml-external-entity-xxe-injection-in-flask-application/ 2026-06-12T00:00:00+00:00

XXE injection in Flask: abuse XML external entities to read local files and reach internal services, and how to disable entity resolution to mitigate.

https://pyfu.io/python-based-web-application-attacks/insecure-flask-debug-mode-and-pin-bypass/ 2026-06-11T00:00:00+00:00

Flask’s debug mode provides developers with an interactive debugger that activates when an unhandled exception occurs. While invaluable during development, enabling debug mode in production exposes...

https://pyfu.io/python-based-web-application-attacks/path-traversal-in-flask-applications/ 2026-06-11T00:00:00+00:00

Flask applications can be vulnerable to path traversal attacks, which may allow attackers to read or even overwrite unauthorized files depending on how the application handles file paths and user i...

https://pyfu.io/python-based-web-application-attacks/python-library-based-attacks/python-jinja2-server-side-template-injection/ 2026-06-12T00:00:00+00:00

Jinja2 SSTI: break out of {{ }} to reach os via __globals__ and __subclasses__ for RCE, and the durable fix for Python template injection.

https://pyfu.io/python-based-web-application-attacks/python-library-based-attacks/python-lxml-insecure-xml-parsing/ 2026-06-11T00:00:00+00:00

lxml library is one of the most widely adopted XML parsing libraries in Python due to its rich feature set, high parsing performance, and compliance with XML specifications.

https://pyfu.io/python-based-web-application-attacks/python-library-based-attacks/python-pandas-library-arbitrary-command-execution/ 2026-06-11T00:00:00+00:00

The pandas library is one of the most widely used data manipulation tools in the Python ecosystem, particularly in data science, analytics, and backend services that process tabular data.

https://pyfu.io/python-based-web-application-attacks/python-library-based-attacks/python-requests-library-ssrf-via-url-parsing/ 2026-06-12T00:00:00+00:00

The requests library is the de facto standard for making HTTP requests in Python. It provides a simple and elegant API for interacting with web services, APIs, and remote resources.

https://pyfu.io/python-based-web-application-attacks/server-side-request-forgery-ssrf-in-flask-applications/ 2026-06-12T00:00:00+00:00

SSRF in Flask: coerce the server into fetching attacker-chosen URLs to reach internal services and cloud metadata, and how to mitigate it.

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/authentication-and-authorization/fastapi-http-basic-auth/ 2026-06-11T00:00:00+00:00

HTTP Basic Authentication is a simple authentication mechanism where the client sends the username and password encoded in Base64 as part of the HTTP request headers.

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/authentication-and-authorization/jwt-for-authentication-and-authorization-in-fastapi/ 2026-06-11T00:00:00+00:00

In FastAPI, JWT can be integrated into the authentication and authorization pipeline by issuing a token after a successful login, and then validating this token on protected routes.

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/fastapi-dependency-injection/ 2026-06-12T00:00:00+00:00

FastAPI uses dependency injection as a core mechanism to share data and functionality across an application. You declare certain parameters as dependencies with Depends, and FastAPI resolves and pr...

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/fastapi-middleware/ 2026-06-11T00:00:00+00:00

Middleware in FastAPI is a mechanism that allows you to process requests and responses globally before they reach your route handlers or after your route handlers generate a response. Middleware ru...

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/fastapi-pydantic-data-models/ 2026-06-12T00:00:00+00:00

FastAPI uses Pydantic as its core data validation and serialization engine. Pydantic provides a powerful way to define data models using standard Python type hints, allowing FastAPI to automaticall...

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/fastapi-router/ 2026-06-12T00:00:00+00:00

FastAPI Router is a mechanism that allows you to modularize your application into multiple logical groups of endpoints.

https://pyfu.io/python-web-development-frameworks/fastapi/concepts/running-fastapi-applications/ 2026-06-11T00:00:00+00:00

FastAPI applications are typically run using an ASGI server which is one of the most common servers for running FastAPI is uvicorn.

https://pyfu.io/python-web-development-frameworks/fastapi/introduction-to-fastapi-security-testing/ 2026-06-12T00:00:00+00:00

FastAPI is a modern, high-performance web framework for building APIs with Python, based on standard Python type hints. It is designed to be fast, easy to use, and highly scalable making it a popul...

https://pyfu.io/python-web-development-frameworks/fastmcp/concepts/fastmcp-authentication/ 2026-06-10T00:00:00+00:00

By default a FastMCP server has no authentication. Over the stdio transport that is reasonable, because the only caller is the local process that launched it. Over a network transport it means ever...

https://pyfu.io/python-web-development-frameworks/fastmcp/concepts/fastmcp-prompts/ 2026-06-10T00:00:00+00:00

Prompts are reusable prompt templates the server offers to clients. A prompt is a function decorated with @mcp.prompt that returns the text (or message list) the client should send to its model; th...

https://pyfu.io/python-web-development-frameworks/fastmcp/concepts/fastmcp-resources/ 2026-06-10T00:00:00+00:00

Resources are data an MCP client can read by URI, as opposed to tools, which are functions it calls. A resource is a function decorated with @mcp.resource(uri); the client lists resources with reso...

https://pyfu.io/python-web-development-frameworks/fastmcp/concepts/fastmcp-tools/ 2026-06-10T00:00:00+00:00

Tools are the functions an MCP client can call. In FastMCP a tool is any function decorated with @mcp.tool; its type hints become the JSON schema the client sees, and its return value is sent back ...

https://pyfu.io/python-web-development-frameworks/fastmcp/concepts/running-a-fastmcp-server/ 2026-06-11T00:00:00+00:00

FastMCP turns ordinary Python functions into a Model Context Protocol (MCP) server with a handful of decorators. A server is an instance of FastMCP, and the functions you decorate on it become the ...

https://pyfu.io/python-web-development-frameworks/fastmcp/introduction-to-fastmcp-security-testing/ 2026-06-12T00:00:00+00:00

FastMCP is the de facto Python framework for building Model Context Protocol (MCP) servers, the components that expose tools, resources, and prompts to LLM clients like Claude Desktop, IDEs, and ag...

https://pyfu.io/python-web-development-frameworks/fastmcp/unauthenticated-fastmcp-servers/ 2026-06-12T00:00:00+00:00

Unauthenticated FastMCP servers: enumerate and invoke exposed MCP tools, resources and prompts over HTTP with no auth, and how to require authentication.

https://pyfu.io/python-web-development-frameworks/flask/concepts/authentication-and-authorization/flask-default-session-for-authentication-and-authorization/ 2026-06-11T00:00:00+00:00

Introduction

https://pyfu.io/python-web-development-frameworks/flask/concepts/authentication-and-authorization/jwt-for-authentication-and-authorization-in-flask/ 2026-06-12T00:00:00+00:00

Before JWT in Flask Applications

https://pyfu.io/python-web-development-frameworks/flask/concepts/flask-blueprints/ 2026-06-11T00:00:00+00:00

Blueprints allow you to group related views, templates, static files, and other resources. Think of each blueprint as a mini-application.

https://pyfu.io/python-web-development-frameworks/flask/concepts/flask-decorators/ 2026-06-11T00:00:00+00:00

Flask decorators are powerful tools used to modify the behavior of view functions and handle common web app tasks such as routing, authorization, and error handling.

https://pyfu.io/python-web-development-frameworks/flask/concepts/flask-request/ 2026-06-11T00:00:00+00:00

In Flask, the request object gives you access to all incoming request data sent by the client like form inputs, JSON payloads, headers, cookies, and more.

https://pyfu.io/python-web-development-frameworks/flask/concepts/flask-routes/ 2026-06-11T00:00:00+00:00

Flask routes define how a Flask application responds to incoming HTTP requests and map specific URL paths to Python functions, often called view functions.

https://pyfu.io/python-web-development-frameworks/flask/concepts/template-rendering-in-flask/ 2026-06-11T00:00:00+00:00

In Flask, rendering HTML templates is done using the render_template() function with Jinja2 templating engine.

https://pyfu.io/python-web-development-frameworks/flask/introduction-to-flask-security-testing/ 2026-06-12T00:00:00+00:00

Flask is a lightweight and flexible web framework that enables developers to build and deploy web applications quickly using Python. Its minimalistic design, combined with the ability to integrate ...

https://pyfu.io/python-web-development-frameworks/flask/running-flask-applications/ 2026-06-11T00:00:00+00:00

Flask is a WSGI-based Python web framework, which means it is designed to run behind a WSGI server rather than being directly exposed to production traffic.

https://pyfu.io/python-web-development-frameworks/streamlit/introduction-to-streamlit-security-testing/ 2026-06-12T00:00:00+00:00

Streamlit is a Python-based open-source framework used to build interactive data applications rapidly. Its simplicity and tight integration with Python make it popular in data science and ML commun...