python / pythondotorg

Source code for python.org
https://www.python.org
Apache License 2.0

Can go into the bash and make dirs into the server #2418

Closed heliebiandexbilibili closed 3 weeks ago

heliebiandexbilibili commented 3 months ago

Describe the bug: You can use this bug to go into the file management system and make dirs.

To Reproduce (Make dirs): Steps to reproduce the behavior:

  1. Go to python.org/shells
  2. Input "import os", Enter
  3. Input "os.system("mkdir hello")" or "os.mkdirs("hello")", Enter
  4. Input "os.system("ls")", Enter
  5. See the error

To Reproduce (Go into the file management system):

  1. Go to python.org/shells
  2. Input "import os", Enter
  3. Input "os.system("bash")" or "os.system("sh")"
  4. See the error

Expected behavior: Prohibit the "os" lib or anything else.

In addition: The file that is made does not disappear when I refresh the website.

ewdurbin commented 3 weeks ago

Hello, the interpreters on the site are run in sandboxes provided by Python Anywhere. If you identify a legitimate security concern in the please review their security policy or contact methods and disclose to them.