From e2706a9bc44fca9f3ed7d349fb284373cb068cd9 Mon Sep 17 00:00:00 2001
From: THEON-1
Date: Sun, 21 Dec 2025 00:32:42 +0100
Subject: [PATCH] What's your Input
---
whats_your_input/in.py | 37 +++++++++++++++++++++++++++++++++++++
whats_your_input/sol.txt | 13 +++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 whats_your_input/in.py
create mode 100644 whats_your_input/sol.txt
diff --git a/whats_your_input/in.py b/whats_your_input/in.py
new file mode 100644
index 0000000..9866d34
--- /dev/null
+++ b/whats_your_input/in.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python2.7 -u
+import random
+
+cities = open("./city_names.txt").readlines()
+city = random.choice(cities).rstrip()
+year = 2018
+
+print("What's your favorite number?")
+res = None
+while not res:
+ try:
+ res = input("Number? ")
+ print("You said: {}".format(res))
+ except:
+ res = None
+
+if res != year:
+ print("Okay...")
+else:
+ print("I agree!")
+
+print("What's the best city to visit?")
+res = None
+while not res:
+ try:
+ res = input("City? ")
+ print("You said: {}".format(res))
+ except:
+ res = None
+
+if res == city:
+ print("I agree!")
+ flag = open("./flag").read()
+ print(flag)
+else:
+ print("Thanks for your input!")
+
diff --git a/whats_your_input/sol.txt b/whats_your_input/sol.txt
new file mode 100644
index 0000000..e60a0d3
--- /dev/null
+++ b/whats_your_input/sol.txt
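Review bot: Both prompts in whats_your_input/in.py call `input()` under the `#!/usr/bin/python2.7` shebang, which behaves as `eval(raw_input())`, so the typed text is evaluated as an expression in this module's namespace, where `city` is in scope. The `res == city` check therefore does not protect the flag, and the process can be made to run arbitrary code, as sol.txt describes. If that is the intended challenge, nothing in the file says so; a header comment such as `# Deliberately vulnerable: Python 2 input() evaluates what is typed. Run only in a throwaway sandbox as an unprivileged user.` would keep it from being deployed or copied as-is. Outside a challenge the prompts should read `res = raw_input("City? ")` and `res = int(raw_input("Number? "))`. Separately, the bare `except:` in both `while not res:` loops also swallows `EOFError`, so a closed stdin makes the loop spin without end; handle it explicitly, for example `except EOFError: raise SystemExit(0)`.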
@@ -0,0 +1,13 @@
+https://github.com/3ls3if/Cybersecurity-Notes/blob/main/real-world-and-and-ctf/scripts-and-systems/python2-input-vulnerability.md
+
+Python 2 input vulnerability is a security flaw that arises due to the usage of the input() function in Python 2. Unlike its Python 3 counterpart, the input() function in Python 2 evaluates the input as Python code rather than treating it as a simple string. This behavior can lead to serious security vulnerabilities if the input is not properly sanitized or validated.
+Consider a scenario where a Python 2 application uses the input() function to accept user input for executing system commands. If an attacker enters malicious code instead of expected input, the interpreter will execute it without any restrictions, potentially allowing the attacker to run arbitrary commands on the system.
+
+# Python 2 vulnerable code
+e = input("Enter your name: ")
+print e
+
+# payload
+'__import__("os").system("uname -a")'
+
+