我的练习是调用 hack 函数,只需返回“you been hacked!”在控制台上,通过使用 hack3.txt 文件而不修改代码,有什么想法吗?代码如下:
import os
from vulnerability import hack
def login(username):
users = ['Nkoli', 'Hyperion', 'Ori', 'Tony']
if username in users:
return f"Welcome, {username}."
else:
return "Nope"
print("This code will log a username in")
if os.path.exists("hack3.txt"):
with open("hack3.txt", 'r') as in_file:
user_input = in_file.read()
else:
user_input = input("Enter your username\n: ")
print(eval(f"login('{user_input}')"))
尝试调用 print(hack(), Ori + hack(),一些 eval 如何忽略所有其他函数或调用
为了避免获得
loginandloginand然后调用
hack()') and hack() + ('
它产生并评估字符串
login('') and hack() + ('')
def hack():
return "you been hacked!"
def login(username):
users = ['Nkoli', 'Hyperion', 'Ori', 'Tony']
return f"Welcome, {username}." if username in users else "Nope"
print("This code will log a username in")
user_input = "') and hack() + ('"
print(eval(f"login('{user_input}')"))