Posts

Showing posts from May, 2017

python input vulnerability

Hi guys, today I will show you how a little mistake in writing code can lead to data exposure or RCE on a server.

As we know, Python has a function that takes input from the user and saves it in a variable. In Python 2.x this is the input function, a built-in function in the module __builtin__. Let's check what this function does by using help(input): it is equivalent to eval(raw_input(prompt)).

raw_input is another function that takes input from the user, but input additionally passes what the user typed to eval. As we know, eval is a function that evaluates a string of text passed as its parameter, accepting an optional second argument for the global values to use during evaluation.

Let's make a quick demo. If we enter a number it will display it, but if we enter 2+4 it will display 6, because input uses eval, as we saw above. From here we can use the __builtin__ module to get RCE and a shell on the box.
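The behaviour described above next to a hardened replacement, as an added example that is not code from the original post. It runs on Python 3, so py2_style_input (a hypothetical name) emulates Python 2's input() as eval() of the typed line; API_TOKEN, read_int and read_literal are illustrative names with constructed values.

```python
import ast

# Constructed value standing in for data the program never meant to reveal.
API_TOKEN = "constructed-secret-1234"


def py2_style_input(typed):
    """Emulate Python 2's input(): eval() applied to the line the user typed."""
    # Vulnerable on purpose: the typed text is evaluated as a Python
    # expression with access to this module's names.
    return eval(typed)


def read_int(typed, lo=0, hi=1000):
    """Hardened form: treat the line as data, parse it, then range-check it."""
    text = typed.strip()
    try:
        value = int(text, 10)
    except ValueError:
        raise ValueError("not an integer: %r" % text)
    if not lo <= value <= hi:
        raise ValueError("out of range %d..%d: %d" % (lo, hi, value))
    return value


def read_literal(typed):
    """For list/dict/number literals: names and function calls raise ValueError."""
    return ast.literal_eval(typed.strip())


def compare(typed):
    """Return (vulnerable result, hardened result or rejection message)."""
    try:
        hardened = read_int(typed)
    except ValueError as exc:
        hardened = "rejected: %s" % exc
    return py2_style_input(typed), hardened


if __name__ == "__main__":
    # Constructed sample inputs: a number, an expression, a variable name.
    for line in ("42", "2+4", "API_TOKEN"):
        print(repr(line), "->", compare(line))
```

In Python 2 code the direct fix is to read with raw_input() and convert explicitly; Python 3's input() already behaves like raw_input().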