Dailydave: Re: Google Apps Engine

Re: Google Apps Engine

From: Lutz Böhne <lboehne_at_damogran.de>
Date: Fri, 11 Apr 2008 16:33:14 +0200

> Even those could easily be sanitized by just some fun with function
> pointers.
>
> >>> open=lambda *x: "no"
> >>> open('/etc/passwd')
> 'no'

Unless there are other ways to find these functions:

>>> __builtins__.__dict__["open"]( '/etc/passwd')
    <open file '/etc/passwd', mode 'r' at 0xb7dac7b8>

or even:

>>> open=lambda *x: "no"
>>> open('/etc/passwd')
    'no'
>>> del open
>>> open('/etc/passwd')
    <open file '/etc/passwd', mode 'r' at 0xb7db44a0>

Python is fun, there are so many ways to have it do what you want ;)

It might be possible to remove these functions like this:

>>> del __builtins__.__dict__["open"]
>>> open('/etc/passwd')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    NameError: name 'open' is not defined
    [...]

But I don't know whether that'd get rid of all problems.

Best regards,

Lutz

_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Received on Apr 11 2008
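
Added example, not part of the original message or of any Google App Engine code: the message shows that hiding the name `open` does not remove the function behind it, so this sketch enforces the check where the real open happens instead, using CPython's audit hooks (`sys.addaudithook`, Python 3.8+). The `/etc/` policy, the `Denied` class and the helper names are assumptions made for the illustration, and a POSIX path layout is assumed.

```python
import builtins
import os
import sys

DENIED_PREFIXES = ("/etc/",)   # constructed policy for this example
enforce = {"on": False}        # audit hooks cannot be removed, so gate with a flag
blocked = []                   # denied paths, kept for logging or alerting


class Denied(PermissionError):
    """Raised by the hook so a policy denial is distinguishable from an OS error."""


def _open_hook(event, args):
    # CPython raises the "open" event from the real implementation, so the
    # name used to reach it (open, the builtins dict, ...) does not matter.
    if event != "open" or not enforce["on"]:
        return
    path = args[0]
    if isinstance(path, bytes):
        path = os.fsdecode(path)
    if isinstance(path, str) and os.path.abspath(path).startswith(DENIED_PREFIXES):
        blocked.append(path)
        raise Denied(path)


sys.addaudithook(_open_hook)


def attempt(opener, path):
    """Call opener(path) under the policy; report 'denied', 'opened' or 'no file'."""
    enforce["on"] = True
    try:
        result = opener(path)
    except Denied:
        return "denied"
    finally:
        enforce["on"] = False
    if hasattr(result, "close"):
        result.close()
        return "opened"
    return "no file"


def check_page_routes(path="/etc/passwd"):
    """Run the lookups from the message above against the hook."""
    rebound = lambda *x: "no"   # the quoted rebinding of the name
    return {
        "rebound name": attempt(rebound, path),
        "builtins dict": attempt(vars(builtins)["open"], path),
        "original name": attempt(open, path),   # what `del open` restores
    }
```

The hook matches on the path string as passed (it does not resolve symlinks), so it serves as a logging and policy point inside the interpreter; containment of untrusted code still needs an OS-level boundary.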