How do you set up a stack?
Remco Gerlich
scarblac at pino.selwerd.nl
Wed May 9 05:13:20 EDT 2001
s713221 at student.gu.edu.au <s713221 at student.gu.edu.au> wrote in comp.lang.python:
> However, all of these are dealing with numbers. I'd be interested to see
> if someone did have an example of a malicious eval use. (In fact I'd be
> downright anxious to know of any eval security weaknesses. *grins*)
eval("getattr(__import__('os'), 'system')('ls')")
This only relies on builtin names. Finding more malicious commands than 'ls'
is left as an exercise for the reader.
--
Remco Gerlich