What's your Input
This commit is contained in:
THEON-1
13
whats_your_input/sol.txt
Normal file
13
whats_your_input/sol.txt
Normal file
@@ -0,0 +1,13 @@
|
||||
https://github.com/3ls3if/Cybersecurity-Notes/blob/main/real-world-and-and-ctf/scripts-and-systems/python2-input-vulnerability.md
|
||||
|
||||
Python 2 input vulnerability is a security flaw that arises due to the usage of the input() function in Python 2. Unlike its Python 3 counterpart, the input() function in Python 2 evaluates the input as Python code rather than treating it as a simple string. This behavior can lead to serious security vulnerabilities if the input is not properly sanitized or validated.
|
||||
Consider a scenario where a Python 2 application uses the input() function to accept user input for executing system commands. If an attacker enters malicious code instead of expected input, the interpreter will execute it without any restrictions, potentially allowing the attacker to run arbitrary commands on the system.
|
||||
|
||||
# Python 2 vulnerable code
|
||||
e = input("Enter your name: ")
|
||||
print e
|
||||
|
||||
# payload
|
||||
'__import__("os").system("uname -a")'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user