2025-01-31 Update From: SLTechnology News&Howtos (Network Security)
Shulou(Shulou.com)06/01 Report--
Vulnerability of the input() function in Python
1. A brief introduction to the function
The input() function is a built-in Python function used to read data from stdin.
Anyone familiar with Python 2 knows that it has two common input functions, input() and raw_input(), yet scripts almost always use raw_input() when they need to read a line. Why is that? Because in Python 2 the input() function carries a serious security risk, which is why textbooks and teachers recommend raw_input() instead. What exactly is that risk? Read on.
2. The difference between input() and raw_input()
1) input() automatically recognises the type of what is entered (str, int, float); raw_input() always returns the str type.
2) If input() receives an arithmetic expression, it evaluates it and returns the result (this is the root of the vulnerability); raw_input() returns the input unchanged, as a string.
Example: entering 3+2 gives 5 after processing by input(); raw_input() does not have this behaviour.
3. The cause of the vulnerability in input()
This function executes stdin input as Python code (exactly as with the calculation above: the input is treated as Python code, and what comes back is the result of executing it). What if the input we supply is an expression that reads the contents of the /etc/passwd file? Clearly this is no small flaw. Let's demonstrate.
First we need to know how to invoke system commands from Python. There are many ways, and I will not go through them one by one here; I use the system() method of the os module.
Experimental results:
__import__(): a built-in Python function that does the same job as the import statement, loading a module.
system(): a method of the os module, used to run system commands.
cat /etc/passwd: the system command that prints the contents of the file /etc/passwd.
4. A practical CTF example
Source: https://junior.stillhackinganyway.nl/challenges?chal=13#challenge-information
Challenge description:
This program consists of only 4 words, and still they've made a mistake. Read the flag from /home/small/flag
nc small.stillhackinganyway.nl 1337
A script is attached to the challenge:
This challenge is solved with exactly the input() vulnerability described above.
Type input(), so that the input() call in the script executes the input() we entered; at that second prompt we can enter a statement of our own that reads the flag:
__import__('os').system('cat /home/small/flag')
5. Fixing the vulnerability
In Python 2, use raw_input() and avoid input() wherever possible. In Python 3, input() returns the entered line as a string (the equivalent of Python 2's raw_input()).
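As an added example (not from the original article), here is Python 3 code that keeps the auto-typing convenience of Python 2's input() while refusing anything that is not a plain literal, plus a helper that names the syntax constructs a Python 2 input() call would have executed; the function names are my own.

```python
import ast
import sys

def safe_typed_input(text):
    """Python 2's input() returned a typed value because it ran eval() on the
    line. This gives the same auto-typing, but for literals only:
    '42' -> 42, '3.5' -> 3.5, "'abc'" -> 'abc'. Names, attribute access,
    calls (such as __import__) and arithmetic are refused with ValueError,
    because ast.literal_eval never executes code."""
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError("refusing non-literal input: %r" % text)

def is_safe_literal(text):
    """True if the line is a plain literal, False if it would be rejected."""
    try:
        safe_typed_input(text)
        return True
    except ValueError:
        return False

# Node types that mean "this line is code, not data" for a Python 2 input().
RISKY_NODES = (ast.Call, ast.Name, ast.Attribute, ast.BinOp, ast.Subscript, ast.Lambda)

def audit_line(text):
    """Name the constructs in `text` that Python 2's input() would have
    executed. Returns [] for a plain literal or for unparsable text, so a
    non-empty list is a clear signal that eval-style handling is unsafe."""
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError:
        return []
    return sorted({type(n).__name__ for n in ast.walk(tree)
                   if isinstance(n, RISKY_NODES)})

if __name__ == "__main__":
    # Read lines from stdin, as the article's script does, but never eval them.
    for line in sys.stdin:
        try:
            print("literal:", repr(safe_typed_input(line)))
        except ValueError:
            print("rejected; constructs found:", audit_line(line))
```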