Python2 Input Vulnerability

Theory

The Python 2 input vulnerability is a security flaw that arises from the use of the input() function in Python 2. Unlike its Python 3 counterpart, the Python 2 input() function evaluates whatever the user types as a Python expression (it behaves like eval(raw_input())) rather than returning it as a plain string. This behavior leads to serious security vulnerabilities whenever the input comes from an untrusted source and is not properly validated.

Consider a scenario where a Python 2 application uses the input() function to accept user input. If an attacker enters Python code instead of the expected value, the interpreter evaluates it with the full privileges of the running process, potentially allowing the attacker to run arbitrary commands on the system.


Practical

# Python 2 vulnerable code
user_input = input("Enter your name: ")
print("Hello, " + user_input + "!")

If an attacker enters something like ; rm -rf /, the input() function evaluates it as a Python expression instead of storing it as a string, which can result in the deletion of all files on the system. This vulnerability can have catastrophic consequences if exploited by malicious actors.

RCE Using __builtin__ Module

# Python 2 vulnerable code
e = input("Enter your name: ")
print e
# payload: the expression the attacker types at the prompt. It must be entered
# without surrounding quotes; quoted, input() would evaluate it to a harmless string.
__import__("os").system("uname -a")
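The two snippets above show the same root cause: on Python 2, input() evaluates the text it reads. The following added example (not part of the original page) shows the defender's side for both: a token-based scanner that flags calls to the builtin input() in Python 2 source without choking on Python 2 only syntax such as the print statement, a safe_input() replacement that reads a plain string on either interpreter, and an explicit integer parser for the common case where input() was only used to read a number. SAMPLE_SOURCE is a constructed snippet written for this example.

```python
import io
import re
import tokenize

# Constructed Python 2 source to scan; the print statement is Python 2 only syntax.
SAMPLE_SOURCE = (
    'name = input("Enter your name: ")\n'    # unsafe: evaluated as Python on Python 2
    'age = raw_input("Enter your age: ")\n'  # safe: returns the raw string
    'print name, age\n'                      # Python 2 print statement (not valid Python 3)
    'obj.input("x")\n'                       # method call, not the builtin
)


def find_unsafe_input_calls(source):
    """Return (line, col) of each call to the builtin input() in the given source.

    Works on the token stream rather than the AST so that Python 2 only
    constructs do not stop the scan when run under Python 3.
    """
    tokens = list(tokenize.generate_tokens(io.StringIO(source).readline))
    hits = []
    for i, tok in enumerate(tokens[:-1]):
        if tok.type != tokenize.NAME or tok.string != "input":
            continue
        nxt = tokens[i + 1]
        prev = tokens[i - 1] if i > 0 else None
        called = nxt.type == tokenize.OP and nxt.string == "("
        # Skip obj.input(...) and "def input(...)": neither is the builtin.
        is_attr = prev is not None and prev.type == tokenize.OP and prev.string == "."
        is_def = prev is not None and prev.type == tokenize.NAME and prev.string == "def"
        if called and not is_attr and not is_def:
            hits.append(tok.start)
    return hits


def safe_input(prompt="", reader=None):
    """Read one line as a plain string on both Python 2 and Python 3.

    On Python 2 raw_input() returns the text verbatim; on Python 3 input()
    already does. `reader` is a hypothetical injection point used for testing.
    """
    if reader is None:
        try:
            reader = raw_input  # noqa: F821  (only defined on Python 2)
        except NameError:
            reader = input
    return reader(prompt)


def parse_int_or_none(text):
    """Turn a typed answer into an int without eval(); None if it is not a plain integer."""
    text = text.strip()
    return int(text) if re.fullmatch(r"-?[0-9]+", text) else None
```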

