Skip to main content

Can wrong code can lead to RCE?

Yes I am talking about Python input vulnerability which exists in only Python 2 version.
Even code written in python 3 and  executed in python2 can be exploited.

So I wrote test code in python3 and i executed in python 2 to check it




Above is the following code

Now it's execution


It's performing some action unlike raw_input which considers everything as string.

Now what if i type vulnerable code inside

 

And we can import any library also.


Comment below to make it a reverse shell.

Comments

Post a Comment

Popular posts from this blog

Want a P5 bug or escalate it to P3 or P4

Hello Everyone, Many months back when i was testing on hackerone and i came across Jenkins instance. So first and foremost i did directory bruteforce and found interesting thing  on Jenkins instance i reported it got closed as informational as it was a VDP (was noob back there) I came across some more programs on jenkins instance and same error also appeared there . So i searched for more instances and it was working on all of then. What was the issue? Let's say target.com is jenkins instance so if we hit http://target.com/assets/ It throws stack error giving us instance information REPORTED I reported this to jenkins https://www.jenkins.io/security/ and after some days i recieved a  mail   I was so glad that i was going to get CVE in my pocket. BUT unfortunately So i guess i wasn't getting any CVE So if anyone want any information about instance or plugins feel free to use above method if not fixed Here's Jira issue https://issues.jenki...
Post a Comment
Read more

Skills needed to become a Hacker

The Essential Skills to Becoming a Master Hacker DISCLAIMER:  I blatantly copied this from http://null-byte.wonderhowto.com/how-to/essential-skills-becoming-master-hacker-0154509/ for all aspiring hackers (if they haven't seen it already, or just to remind). I will not take credit for the content, only for copying/pasting it like a God for you all. There are many already skilled people in the community, and also just curious minds starting out. This is what you need. ---START OF COPY_PASTE--- Many of my aspiring hackers have written to me asking the same thing. "What skills do I need to be a good hacker?" As the hacker is among the most skilled information technology disciplines, it requires a wide knowledge of IT technologies and techniques. To truly be a great hacker, one must master many skills. Don't be discouraged if you don't have all the skills I list here, but rather use this list as a starting ground for what you need to study and master in ...
3 comments
Read more

Solve http://xss-game.appspot.com/ Without Actually Solving It

First install web extension EditThisCookie from  http://www.editthiscookie.com/ Then open http://r00tz-web-intro.appspot.com/rootz And solve all challenges in it. They are all damn easy. when you have solved all levels in it and paste it's cookies in  http://xss-game.appspot.com/ and refresh the home page. And you will see that you have completed all the levels.
Post a Comment
Read more