Vulnerabilities in Python Code
OS Command Injection Vulnerable Example The following snippet contains a Flask web application written in Python that executes the nslookup command to resolve the host supplied by the user. @app.route("/dns") def page(): hostname = request.values.get(hostname) cmd = 'nslookup ' + hostname return subprocess.check_output(cmd, shell=True) We can see the hostname appended to the command and executed on a subshell with the paratmeter shell=true, an attacker could stack another command with ; in the GET parameter to inject other commands for example cat /etc/paswd . ...