It is possible to bypass banned words, by using exec function and special characters

aahnik / run-py-bot

A telegram bot that runs python code. Evaluate pythonic expressions on the go, right from your chat.

MIT License

50 stars 36 forks source link

It is possible to bypass banned words, by using exec function and special characters #5

Closed aahnik closed 4 years ago

aahnik commented 4 years ago

Thank you, @gabrielesilinic for pointing this out. I am creating this issue on Github, for future reference. This issue has been currently resolved by banning exec #4

aahnik commented 4 years ago

user:

exec("\x66\x72\x6f\x6d\x20\x74\x69\x6d\x65\x20\x69\x6d\x70\x6f\x72\x74\x20\x74\x69\x6d\x65")
print(time())

bot replied:

1605013849.2719617

now exec is banned