Steve Christey Coley Dec 19
Replying to @natashenka
huh? no vuln here, assuming the code isn't set[ug]id! The user already has privileges to execute python code! It's just an undocumented API feature for other things invoking this program, nothing to see here ;-)
Natalie Silvanovich Dec 19
Replying to @SushiDude
Ha ha! It’s just a bad habit to get into, what if you’re loading the port from somewhere untrusted next time?
Tyrell Daniel Nelson Dec 27
Replying to @natashenka @nilpointer1
Perfectly acceptable use of eval.. In this case if you can input something that can cause damage, you could cause damage without eval as you would already have shell access.. It would be different if you were processing input from a client over the network like this
Natalie Silvanovich Dec 27
Replying to @TyrellDanielNe1 @nilpointer1
The problem is that they’re teaching people who often don’t know much about python to use eval to convert integers without context
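The point made in the replies above is easier to see side by side. The following is an added example, not code from the thread or from the tutorial being discussed: it evaluates a port string three ways and shows that `eval` runs whatever it is given, that `ast.literal_eval` stops code execution but still accepts non-port literals, and that a small validating parser is what a program reading the port from an untrusted source actually needs. The input strings, including the `PAYLOAD` stand-in for attacker input, are constructed for the example.

```python
"""Added example: eval() vs int() vs a validating port parser.

Not from the original thread; inputs below are constructed for illustration.
"""
import ast
import os

# Constructed inputs. A tutorial expects the first; eval() also takes the
# second; the third is what arrives once the string comes from somewhere
# untrusted (os.getpid() stands in for anything an attacker would rather run).
BENIGN = "8080"
HEX_LITERAL = "0x1F90"                      # == 8080, but not a decimal port string
PAYLOAD = "__import__('os').getpid()"       # arbitrary code, runs with our privileges


def port_via_eval(text: str):
    """The anti-pattern from the tutorial: evaluates any Python expression."""
    return eval(text)  # noqa: S307 (deliberately unsafe, for demonstration)


def port_via_literal_eval(text: str):
    """Safer: only Python literals. Rejects calls, but accepts hex, floats, tuples..."""
    return ast.literal_eval(text)


def port_via_int(text: str) -> int:
    """int() parses a base-10 integer (surrounding whitespace allowed) and nothing else."""
    return int(text)


def parse_port(text: str) -> int:
    """What untrusted input needs: decimal digits only, inside the TCP/UDP port range."""
    text = text.strip()
    if not text.isdigit():
        raise ValueError(f"port must be decimal digits, got {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def eval_executes_code() -> bool:
    """True if eval() actually ran the payload: the 'port' it returns is our own PID."""
    return port_via_eval(PAYLOAD) == os.getpid()


def rejects(fn, text: str) -> bool:
    """True if fn refuses the input with ValueError (what a parser should do)."""
    try:
        fn(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("eval ran attacker code:", eval_executes_code())
    print("eval accepts hex:", port_via_eval(HEX_LITERAL))
    print("literal_eval rejects payload:", rejects(port_via_literal_eval, PAYLOAD))
    print("literal_eval still accepts 1e3:", port_via_literal_eval("1e3"))
    print("int rejects payload:", rejects(port_via_int, PAYLOAD))
    print("parse_port:", parse_port(" 8080 "), rejects(parse_port, "65536"))
```

`int()` already covers the tutorial's use case; `parse_port` adds the range check that a network program wants regardless of where the string came from. Using `eval` here buys nothing and, the moment the source of the string changes, turns a config-parsing bug into code execution.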
Baa. Dec 19
Replying to @natashenka
badidea 💫 Dec 18
Replying to @natashenka
w— why would—
Daniel Carosone ⬡ 🇸🇪 🇮🇹 🇦🇺 Dec 19
Replying to @0xabad1dea @natashenka
I assume it's some YOLO "parse as number" shorthand that "everyone knows" is just for demo purposes and you're only supposed to learn from the important parts of that demo
Seif ElSallamy Dec 18
Replying to @natashenka
*copying and pasting the code to my remote nuclear reactor app*
Ming Chow Dec 19
Replying to @natashenka
There’s a reason why I have a CTF challenge that involves eval() in my class.
Jann Horn Dec 19
Replying to @natashenka
knows how to do it properly