.comment-link {margin-left:.6em;}
Xavier's Security Post
Thursday, September 29, 2005
  Python + input() fun
As written from the Python manual:
input([prompt])
Equivalent to eval(raw_input(prompt)). Warning: This function is not safe from user errors! It expects a valid Python expression as input; if the input is not syntactically valid, a SyntaxError will be raised. Other exceptions may be raised if there is an error during evaluation.


So, it simply evaluates incoming input, and will error if it does not comform to proper syntax. Have you ever logged into a server and got faced with a nologin script some admin wrote to remind you that money is owed on the account? or to request shell access?

If you put in: "import os; os.system('touch /tmp/peepee')", you will most likely see an ugly exception being rased:
Traceback (most recent call last):
File "", line 1, in ?
File "", line 1
import os; os.system('touch /tmp/peepee')
^
SyntaxError: invalid syntax


Lame! no spaces can be used in the evaluated code. Hmm. Ley's try a dynamic import: "__import__('os').system('touch /tmp/peepee')". Oh, that worked. I'm not sure wether or not the fact dynamic imports+executions are a feature or just some strange bug in input() but if imports of modules and executions were planned through input() it wouldn't have raised an exception on the attempts before. Unless, of course, it's some bug.
 
Comments: Post a Comment

Links to this post:

Create a Link



<< Home
This public blog will be a place for me to output any Security findings, both technological and physical, that I have come about. I will post Security advisories I was apart of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se

RECENT RELEASES
Rocks Clusters <=4.1 mount-loop local root
Rocks Clusters <=4.1 umount-loop local root
TSEAD-200606-6 - Rocks Clusters <=4.1 local root
xorgmodroot.py - Xorg-server 1.0 / <=X11R6.9.0-7.0 local root
TSEAD-200509-5 - Multiple Netscape.com vulnerabilities.
TSEAD-200512-3 - Multiple vulnerabilities in KISBG <=v5.1.1
fsigk_exp.py - FSIGK for Linux <=2.10-431 local root
TSEAD-200510-4 - FSIGK for Linux <=2.10-431 advisory
ritk.php - remote inclusion pentest tool
owm_exp.py - openwebmail <=2.51+ local root
perliodebug_exp.py - perlIO_debug 5.8.* local root
bankfix.py - bank card number lookup tool
TSEAD-200412-2 - AOL XSS/file read vuln
TSEAD-200412-1 - AOL redir vuln

ARCHIVES
September 2005 / October 2005 / November 2005 / December 2005 / March 2006 / April 2006 / May 2006 / June 2006 / July 2006 / September 2006 / October 2006 /