Code Execution 07

This exercise is one of our challenges on Code Execution.

PRO Tier | Medium | < 1 Hr. | 11185

In the previous challenge, we simplified the task by pre-importing the os module. In this lab, however, the os module is not pre-loaded, which requires a different approach for code execution. Attempting to use os.system('id') directly results in an error since the os module is missing. To overcome this, we use the __import__('os').system(...) syntax to dynamically load the os module and execute the desired command.

The lab involves reviewing a Flask application where user input is passed to an eval function without proper filtering, creating a code execution vulnerability. By leveraging the __import__('os').system(...) method, participants can execute the score command to complete the exercise. This scenario highlights the importance of understanding module imports and the dangers of using eval with user-controlled input.
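The behaviour described above, as an added example that is not the lab's own code: a handler that passes input to eval in a module that never imports os, next to a hardened form built on ast.literal_eval. The names naive_eval, safe_eval and outcome are hypothetical, the sample inputs are constructed, and os.getcwd() stands in for a command as a harmless probe.

```python
import ast


def naive_eval(user_input):
    """Pattern the lab describes: user input goes straight into eval().
    This module never imports os, yet the builtin __import__ stays reachable."""
    return eval(user_input)


def safe_eval(user_input):
    """Hardened form (an assumed fix, not taken from the lab).
    ast.literal_eval accepts only literals (numbers, strings, lists, dicts,
    ...), so names, calls and attribute access are rejected before any code
    runs."""
    try:
        return ast.literal_eval(user_input)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError("input is not a plain literal") from None


def outcome(handler, user_input):
    """Run a handler and return ('ok', value) or ('error', exception name)."""
    try:
        return ("ok", handler(user_input))
    except Exception as exc:
        return ("error", type(exc).__name__)


# Constructed sample inputs.
SAMPLES = [
    "[1, 2, 3]",                  # plain data: both handlers accept it
    "os.getcwd()",                # fails in naive_eval only because os is absent
    "__import__('os').getcwd()",  # loads os on the fly: naive_eval runs it
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} naive={outcome(naive_eval, sample)} "
              f"safe={outcome(safe_eval, sample)}")
```

The NameError on the second sample is not a control: the third sample reaches the same module through a builtin, which is why the fix has to remove eval from the input path rather than remove imports.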
