14 lines
944 B
Plaintext
14 lines
944 B
Plaintext
https://github.com/3ls3if/Cybersecurity-Notes/blob/main/real-world-and-and-ctf/scripts-and-systems/python2-input-vulnerability.md
|
|
|
|
Python 2 input vulnerability is a security flaw that arises due to the usage of the input() function in Python 2. Unlike its Python 3 counterpart, the input() function in Python 2 evaluates the input as Python code rather than treating it as a simple string. This behavior can lead to serious security vulnerabilities if the input is not properly sanitized or validated.
|
|
Consider a scenario where a Python 2 application uses the input() function to accept user input for executing system commands. If an attacker enters malicious code instead of expected input, the interpreter will execute it without any restrictions, potentially allowing the attacker to run arbitrary commands on the system.
|
|
|
|
# Python 2 vulnerable code
|
|
e = input("Enter your name: ")
|
|
print e
|
|
|
|
# payload
|
|
'__import__("os").system("uname -a")'
|
|
|
|
|