eval() function security

Thread Rating:

0 Vote(s) - 0 Average
1
2
3
4
5

Thread Modes

eval() function security

Skaperen
Weighs the Same as a Duck

Posts: 4,565

Threads: 1,466

Joined: Sep 2016

Reputation: 14

Sep-22-2019, 07:03 AM (This post was last modified: Sep-22-2019, 07:17 AM by Skaperen.)

(Sep-21-2019, 07:00 AM)metulburr Wrote: I once used eval in an IRC bot to evaluate arithmetic expressions. Luckily the person was a white hat and kindly shown me an example of exploiting eval to gain access to my desktop. Had complete control to remove files or add them to my computer. I have never used eval again in a setting where there is an untrusted string. I would rather write up my own way to evaluate arithmetic expressions from now on. It might take a little more code, but it is worth it.

this is exactly my concern. i used to be a gray-hat hacker long ago.

i will try out simpleval and try to break it and see how that goes.

Tradition is peer pressure from dead people

What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.

Find

Messages In This Thread

eval() function security - by Skaperen - Sep-20-2019, 11:47 PM

RE: eval() function security - by ichabod801 - Sep-20-2019, 11:58 PM

RE: eval() function security - by metulburr - Sep-21-2019, 07:00 AM

RE: eval() function security - by Skaperen - Sep-22-2019, 07:03 AM

RE: eval() function security - by DeaD_EyE - Sep-21-2019, 01:59 PM

RE: eval() function security - by snippsat - Sep-21-2019, 02:31 PM

RE: eval() function security - by metulburr - Sep-22-2019, 04:01 PM

RE: eval() function security - by snippsat - Sep-22-2019, 06:17 PM

RE: eval() function security - by Skaperen - Sep-23-2019, 04:32 AM

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	make eval() safe	Skaperen	5	2,770	Mar-24-2022, 05:47 PM Last Post: Skaperen

Users browsing this thread: 2 Guest(s)

View a Printable Version

eval() function security

User Panel Messages

Announcements