huh? no vuln here, assuming the code isn't set[ug]id! The user already has privileges to execute python code! It's just an undocumented API feature for other things invoking this program, nothing to see here ;-)
-
Ha ha! It’s just a bad habit to get into, what if you’re loading the port from somewhere untrusted next time?
-
Perfectly acceptable use of eval. In this case, if you can input something that can cause damage, you could cause damage without eval, as you would already have shell access. It would be different if you were processing input from a client over the network like this
-
The problem is that they’re teaching people who often don’t know much about Python to use eval to convert integers without context.
-
w— why would—
-
I assume it's some YOLO "parse as number" shorthand that "everyone knows" is just for demo purposes and you're only supposed to learn from the important parts of that demo
-
*copying and pasting the code to my remote nuclear reactor app*
-
There’s a reason why I have a CTF challenge that involves eval() in my class.
-
https://svn.python.org/projects/python/trunk/Demo/sockets/echosvr.py … knows how to do it properly