calculator-bot icon indicating copy to clipboard operation
calculator-bot copied to clipboard

Published 20 hours ago verified publisher icon odysseusmax

Remote code execution

Open TheHamkerCat opened this issue 2 years ago • 1 comments

Why did you even think of doing this?

https://github.com/odysseusmax/calculator-bot/blob/0c228232dba8839752e9ca1c729f860d48334a05/helpers/bot.py#L54

It evaluates any python code that is passed in it, so using

@calcit_bot __import__('os').execvp("/bin/bash", ["/bin/bash"])

is enough to kill the bot.

TheHamkerCat avatar Aug 07 '21 06:08 TheHamkerCat