
Question: Login Page

Login Page
Enter your login name:
Enter your password:

login.py:

```python
#!/usr/local/bin/python
# Python 2 CGI script (print statement, dict-style has_key).
import cgi

def header(title):
    # Emit the HTTP header, then the page title.
    print "Content-type: text/html\n"
    print "\n\n%s\n\n\n" % (title)

def footer():
    print ""

form = cgi.FieldStorage()
password = "python"

if not form:
    header("Login Response")
elif form.has_key("login") and form["login"].value != "" and form.has_key("password") and form["password"].value == password:
    header("Connected...")
    print "Welcome back;", form["login"].value
    print r"""%s""" % (form["login"].value)
    print "Click here to start browsing"
else:
    header("No success!")
    print "Please go back and enter a valid login."
footer()
```

I would like to make this login form vulnerable to RCE (remote code execution), is this possible with the function eval() or exec()? I am looking for functions that introduce a vulnerability within the login form. Are there whole classes/modules that contain dangerous functionality? Also would it be possible to make this login form vulnerable to remote code execution?
Expert Answer
Muffin Man805 answered this 14 answers
I would like to make this login form vulnerable to RCE (remote code execution), is this possible with the function eval() or exec()?
Yes. If you pass unchecked user input to either of those functions then you are allowing remote code execution.
I am looking for functions that introduce a vulnerability within the login form. I am particularly interested in Remote Code Execution vulnerabilities. Are there whole classes/modules that contain dangerous functionality?
Yes. Python can open files/delete files/connect to databases/etc. So yes, there are plenty of bad things that could happen if you can execute arbitrary code.
Also would it be possible to make this login form vulnerable to remote code execution?
Yes. See above.
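
A reviewer's check for the pattern the answer describes (form input reaching eval() or exec()), as an added example that is not part of the original question or answer: it parses Python 3 source with the standard ast module and reports every eval/exec call whose argument is not a plain literal. SAMPLE and the name find_dynamic_code_calls are constructed for illustration.

```python
import ast

# Builtins that run a string as code; these are the two the page names.
DANGEROUS = {"eval", "exec"}

# Constructed sample (not the page's script): a Python 3 handler in which
# form fields reach eval()/exec(), next to a call that only sees a literal.
SAMPLE = '''
import cgi
form = cgi.FieldStorage()
login = form.getvalue("login", "")
limit = eval("60 * 60")
if eval(form.getvalue("password", "")) == "python":
    print("Connected")
exec("greeting = 'Welcome back, ' + " + login)
'''

def find_dynamic_code_calls(source):
    """Return sorted (line, function) pairs for eval/exec calls whose
    first argument is anything other than a literal constant."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match both eval(...) and builtins.eval(...) spellings.
        if isinstance(func, ast.Name):
            name = func.id
        elif isinstance(func, ast.Attribute):
            name = func.attr
        else:
            continue
        if name not in DANGEROUS:
            continue
        first = node.args[0] if node.args else None
        # A literal cannot carry request data; any other expression might.
        if not isinstance(first, ast.Constant):
            findings.append((node.lineno, name))
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_dynamic_code_calls(SAMPLE):
        print("line %d: %s() called with a non-literal argument" % (line, name))
```

Matching by name misses aliases such as `run = eval`, so an empty result is a review aid rather than proof that no dynamic execution exists.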
