huh? no vuln here, assuming the code isn't set[ug]id! The user already has privileges to execute python code! It's just an undocumented API feature for other things invoking this program, nothing to see here ;-)
Ha ha! It’s just a bad habit to get into, what if you’re loading the port from somewhere untrusted next time?
Perfectly acceptable use of eval. In this case if you can input something that can cause damage, you could cause damage without eval as you would already have shell access. It would be different if you were processing input from a client over the network like this.
The problem is that they’re teaching people who often don’t know much about python to use eval to convert integers without context.
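An added example (my own code, not from anyone in the thread) contrasting a strict port parser with what `eval()` would accept from the same string. `parse_port`, `is_valid_port` and `eval_would_parse` are names I made up; the sample inputs are constructed, and nothing is executed, since only `ast.parse` is used to see what `eval` would have run.

```python
import ast
import re

# Only ASCII digits: re's \d would also match non-ASCII digits that int() accepts.
_PORT_RE = re.compile(r"[0-9]{1,5}")


def parse_port(text: str) -> int:
    """Parse a port number from untrusted text (argv, a config file, a client)."""
    s = text.strip()
    if not _PORT_RE.fullmatch(s):
        # int() alone would still accept '+80', '8_080' and non-ASCII digits.
        raise ValueError(f"not a decimal port: {text!r}")
    port = int(s, 10)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def is_valid_port(text: str) -> bool:
    """Boolean wrapper around parse_port for quick checks."""
    try:
        parse_port(text)
        return True
    except ValueError:
        return False


def eval_would_parse(text: str) -> bool:
    """True if eval(text) would get past the parser, i.e. it is an expression.

    Uses ast.parse in 'eval' mode, so nothing runs. Anything that parses here
    would be *executed* by eval(), not merely converted to an int.
    """
    try:
        ast.parse(text, mode="eval")
        return True
    except SyntaxError:
        return False


# Constructed inputs: what eval(sys.argv[1]) would accept vs. the strict parser.
SAMPLES = ["8080", "443", "0x1F90", "8000+80", "8_080", "65536", "len('x')"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:12} strict={is_valid_port(s)!s:6} eval_parses={eval_would_parse(s)}")
```

Only the first two samples survive the strict parser; every one of the others is still a perfectly good expression for `eval`.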
w— why would—
I assume it's some YOLO "parse as number" shorthand that "everyone knows" is just for demo purposes and you're only supposed to learn from the important parts of that demo
*copying and pasting the code to my remote nuclear reactor app*
There’s a reason why I have a CTF challenge that involves eval() in my class.
https://svn.python.org/projects/python/trunk/Demo/sockets/echosvr.py knows how to do it properly