Skip to main content

Can wrong code can lead to RCE?

Yes I am talking about Python input vulnerability which exists in only Python 2 version.
Even code written in python 3 and  executed in python2 can be exploited.

So I wrote test code in python3 and i executed in python 2 to check it




Above is the following code

Now it's execution


It's performing some action unlike raw_input which considers everything as string.

Now what if i type vulnerable code inside

 

And we can import any library also.


Comment below to make it a reverse shell.

Comments

Post a Comment

Popular posts from this blog

Solve http://xss-game.appspot.com/ Without Actually Solving It

First install web extension EditThisCookie from  http://www.editthiscookie.com/ Then open http://r00tz-web-intro.appspot.com/rootz And solve all challenges in it. They are all damn easy. when you have solved all levels in it and paste it's cookies in  http://xss-game.appspot.com/ and refresh the home page. And you will see that you have completed all the levels.
Post a Comment
Read more

Want a P5 bug or escalate it to P3 or P4

Hello Everyone, Many months back when i was testing on hackerone and i came across Jenkins instance. So first and foremost i did directory bruteforce and found interesting thing  on Jenkins instance i reported it got closed as informational as it was a VDP (was noob back there) I came across some more programs on jenkins instance and same error also appeared there . So i searched for more instances and it was working on all of then. What was the issue? Let's say target.com is jenkins instance so if we hit http://target.com/assets/ It throws stack error giving us instance information REPORTED I reported this to jenkins https://www.jenkins.io/security/ and after some days i recieved a  mail   I was so glad that i was going to get CVE in my pocket. BUT unfortunately So i guess i wasn't getting any CVE So if anyone want any information about instance or plugins feel free to use above method if not fixed Here's Jira issue https://issues.jenki...
Post a Comment
Read more

How To Access Dark Web Using Tor

First of all accessing Dark Web is not illegal .Here we remain anonymous and share information.But there are some sites which are not meant to be open in Dark web.Until and Unless you use it wisely ,You are safe and secured. First dowload it tor browser: Here's the link- https://www.torproject.org/download/download-easy.html.en Then install it.according to your settings. If your college/University blocks tor,then use bridge in it. :-Choose connect if connection is not blocked :-Choose configure if it is blocked :-Click Yes and then Next :-use any of the bridges to connect and click Next :-Check if your computer uses local proxy in internet settings :-after that click Connect :-Wait for few seconds and     finally it will be open Use any vpn with it for more security and then go to onion websites and explore. Follow these links for more information: https://www.deepweb-sites.com/               ...
Post a Comment
Read more