Code Injection in c0oki3s/python-tools


Reported on

May 3rd 2021

✍️ Description

python-tools reads user input with the insecure built-in input() function at its interactive prompt. Because the script can be run with either python2 or python3, the behaviour depends on the interpreter: under Python 2, input() is equivalent to eval(raw_input()), so if you type a Python expression at the prompt the interpreter will eval() it. Under Python 3, input() returns the typed line as a plain string.

🕵️‍♂️ Proof of Concept

Run the affected script with python2. Then, when asked to enter an input, enter the following:


💥 Impact

Arbitrary code execution under Python 2: whatever the user types at the prompt is passed to eval() with the privileges of the running script. Please use raw_input() instead. Note that raw_input() does not exist in Python 3, where input() already returns a string, so a script meant to run under both interpreters needs to pick the right reader at runtime.
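The following is an added example, written for this report rather than taken from python-tools, that models the difference described above and shows a portable fix. It runs on a single interpreter (Python 3 or 2): py2_input_semantics() reproduces what Python 2's input() does with a typed line, raw_input_semantics() what raw_input() / Python 3 input() do, portable_read_line() binds the safe reader on either version, and parse_int() shows the explicit parsing a script must do once it stops relying on eval(). All function names and the payload string are illustrative assumptions; the payload is constructed here and is not the one submitted in the original proof of concept.

```python
"""Python 2 input() versus raw_input(), modelled for a single interpreter.

Added example for this report; it is not code from python-tools. The
function and variable names are illustrative, and PAYLOAD is a constructed
expression, not the string used in the original proof of concept.
"""
from __future__ import print_function

# Constructed payload: a Python expression that does real work when evaluated.
PAYLOAD = "__import__('os').getcwd()"

# Side-effect sink so a caller can prove that a typed expression actually ran.
EXECUTED = []


def py2_input_semantics(typed_line):
    """Model Python 2's builtin input(): it is eval(raw_input()), so the text
    the user typed is compiled and executed as a Python expression."""
    return eval(typed_line)


def raw_input_semantics(typed_line):
    """Model raw_input() (Python 2) and input() (Python 3): the line is data."""
    return typed_line


def portable_read_line(prompt=""):
    """Read one line as a string on either interpreter.

    raw_input() only exists on Python 2; on Python 3 the same behaviour is
    input(). Binding the right one once avoids the eval() path entirely.
    """
    try:
        reader = raw_input          # Python 2: returns a string, never evaluated
    except NameError:
        reader = input              # Python 3: already the string-returning one
    return reader(prompt)


def parse_int(line):
    """If the script wanted a number, parse it explicitly (base 0 accepts
    0x.., 0o.., 0b.. prefixes) instead of letting eval() accept any expression."""
    return int(line.strip(), 0)


def rejects(line):
    """True if parse_int() refuses the line, i.e. a payload cannot sneak through."""
    try:
        parse_int(line)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("py2 input():", py2_input_semantics(PAYLOAD))      # executes getcwd()
    print("raw_input():", raw_input_semantics(PAYLOAD))      # just the text
    print("parse_int:  ", "rejected" if rejects(PAYLOAD) else "accepted")
```

The shim returns a string on both interpreters, so if the script previously relied on Python 2's input() to turn "5" into the integer 5, it must now parse the value itself, as parse_int() does; that explicit parse is also what turns the payload into a ValueError instead of a function call.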

