python input vulnerability








Hi guys, today I will show you how a little mistake in writing code can lead to exposed data or RCE on the server.
As we know, Python has a function that takes input from the user and saves it in a variable.
In Python 2.x this is the input function, a built-in function in the module __builtin__.
Let's check what this function does by using help(input).



It's equivalent to eval(raw_input(prompt)).
raw_input is another function that takes input from the user, but the input function adds eval on top of it. As we know, eval is a function that evaluates a string of text passed as its parameter, accepting a possible second argument for the global values to use during evaluation.
Let's make a quick demo.


If we enter a number it will display it, but what if we enter 2+4? It will display 6, because eval is used as part of the input function, as we saw above. From here we can use the __builtin__ module to get RCE and a shell on the box.






The input vulnerability does not stop here: it also gives the ability to read values. Say your system connects to a database, and when the user enters a password it is compared with the password stored in the database.
Assume the result of the database select query is stored in db_user and the user enters db_user: input will read the real value that came from the database, and the login can be bypassed without knowing the real password.

As we see, a little mistake can lead to a big problem.
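The behaviour described above next to its fix, as an added example that is not from the original post. Python 2's input() is emulated with eval() over the typed text so the code also runs on Python 3; the function names and the stored value are assumptions made for illustration.

```python
import hmac

def py2_input(typed, scope):
    """Emulate Python 2 input(): eval(raw_input()) with the caller's names in scope.
    `typed` stands in for the text entered at the prompt (hypothetical helper)."""
    return eval(typed, dict(scope))  # deliberately unsafe, mirrors Python 2

def login_vulnerable(typed):
    # Constructed value standing in for the SELECT result the post calls db_user.
    db_user = "s3cret-from-db"
    entered = py2_input(typed, {"db_user": db_user})
    return entered == db_user

def login_fixed(typed):
    db_user = "s3cret-from-db"  # same constructed value
    # raw_input() on Python 2 (input() on Python 3) returns the text unevaluated,
    # so a variable name is just a wrong password.
    return hmac.compare_digest(typed.encode(), db_user.encode())

def read_int(typed):
    """Numeric input without eval: int() accepts an integer literal only
    and raises ValueError for anything else."""
    return int(typed.strip())

if __name__ == "__main__":
    print(py2_input("2+4", {}))          # the expression is evaluated
    print(login_vulnerable("db_user"))   # the name resolves to the stored value
    print(login_fixed("db_user"))        # compared as plain text
    for text in ("42", "2+4"):
        try:
            print(read_int(text))
        except ValueError:
            print("rejected: %r" % text)
```

On Python 2 the fix is to replace input() with raw_input() and convert the string explicitly; on Python 3, input() already returns the raw string.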


