-2

I'm trying to convert to get a command executed which is passed to the print statement. Eg:

print "exec(raw_input())"

Can I get to run the exec() in some way?

4

6 回答 6

1

我猜这就是你要找的东西?

>>> exec("x = raw_input()")
23
>>> x
'23'
>>>
于 2014-02-16T14:49:51.933 回答
1

做这个

command = raw_input("Command: ")
exec(command)

你为什么要打印它?如果这不是您要找的,请更清楚

于 2013-09-24T00:48:53.447 回答
0 
from __future__ import print_function
def foo(x):
    exec x
print = foo
print("exec(raw_input())")

跑步

% test.py
kaboom

结果是:

NameError: name 'kaboom' is not defined
于 2013-09-24T00:53:31.777 回答
0

您是否要求一些简单的东西,例如

aString = "raw_input()"
print "exec(" + aString + ")"
exec(aString)
于 2013-09-24T00:48:49.087 回答
0

From the tags you applied, it seems like you're looking for a magic string that will allow you to run any arbitrary code when Python passes that string to the print statement.

There are no such known strings. You might try very long strings, just over the obvious boundaries, looking for the traditional stack- and heap-overflow cases, but if you find one in Python X.Y.Z, chances are it was already fixed in X.Y.Z+1.

If the Python script is actually doing an exec or eval on your string, of course that's easy to exploit; if it's just doing a print, the contents never even get compiled, much less run; they're just a plain old string. The fact that the string happens to have dangerous-looking things like exec in it is irrelevant; it's not more exploitable than getting Python to print the string "rm -rf /".

Of course if you can arrange for the output of one Python interpreter to feed in as the input to an interactive session in another interpreter, then whatever you get the first interpreter to print will get executed in the second one… but in that case, you don't need the exec in the middle of the string anyway.

于 2013-09-24T00:58:55.950 回答
0

print 语句默认写入 sys.stdout,sys.stdout 就像一个文件。您可以使用write方法创建一个看起来像文件的类,该方法将由print语句调用。我整理了一个脚本来演示这一点,print_exec.py。另请注意,如果 print 语句中的代码本身包含print ,则这不起作用。即,print "print 'foo'"不会工作。因此,在示例中,我必须打印到 sys.stderr 才能真正看到正在发生的事情。希望这可以帮助。

print_exec.py

    import sys

    class file_like(object):
        def write(self, x):
            exec(x)

    sys.stdout = file_like()
    y = "exec(raw_input())"
    print "exec(y)"

运行 print_exec.py 的示例:

    >python print_exec.py 
    print "import sys; print >> sys.stderr, 'hi'"    
    hi
    >
于 2013-09-24T01:57:50.430 回答