eval() function security

Thread Rating:

0 Vote(s) - 0 Average
1
2
3
4
5

Thread Modes

eval() function security

metulburr
The Castle of aaarrrrggh
Administrators

Posts: 5,150

Threads: 396

Joined: Sep 2016

Reputation: 170

Sep-21-2019, 07:00 AM (This post was last modified: Sep-21-2019, 07:00 AM by metulburr.)

I once used eval in an IRC bot to evaluate arithmetic expressions. Luckily the person was a white hat and kindly shown me an example of exploiting eval to gain access to my desktop. Had complete control to remove files or add them to my computer. I have never used eval again in a setting where there is an untrusted string. I would rather write up my own way to evaluate arithmetic expressions from now on. It might take a little more code, but it is worth it.

Recommended Tutorials:

Find

Messages In This Thread

eval() function security - by Skaperen - Sep-20-2019, 11:47 PM

RE: eval() function security - by ichabod801 - Sep-20-2019, 11:58 PM

RE: eval() function security - by metulburr - Sep-21-2019, 07:00 AM

RE: eval() function security - by Skaperen - Sep-22-2019, 07:03 AM

RE: eval() function security - by DeaD_EyE - Sep-21-2019, 01:59 PM

RE: eval() function security - by snippsat - Sep-21-2019, 02:31 PM

RE: eval() function security - by metulburr - Sep-22-2019, 04:01 PM

RE: eval() function security - by snippsat - Sep-22-2019, 06:17 PM

RE: eval() function security - by Skaperen - Sep-23-2019, 04:32 AM

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	make eval() safe	Skaperen	5	2,710	Mar-24-2022, 05:47 PM Last Post: Skaperen

Users browsing this thread: 2 Guest(s)

View a Printable Version

eval() function security

User Panel Messages

Announcements