STINNER Victor <vstin...@python.org> added the comment:
I searched for "pydoc by Ka-Ping Yee" in Google and only found two online pydoc services: * https://gae-pydoc.appspot.com/ * http://www.cc.kyoto-su.ac.jp/~atsushi/Programs/VisualWorks/CSV2HTML/CSV2HTML_PyDoc/index_of_modules.html The first one runs on Python 2.7 which doesn't have the getfile feature (added in Python 3.6), the second one is a static website. => there is no public vulnerable website: good! I don't think that pydoc is commonly used to run a server on the Internet. ---------- title: Information disclosure via pydoc -p -> Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue42988> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
