command-injection-11 command-injection-1 [문제] [풀이] @APP.route('/ping', methods=['GET', 'POST']) def ping(): if request.method == 'POST': host = request.form.get('host') cmd = f'ping -c 3 "{host}"' try: output = subprocess.check_output(['/bin/sh', '-c', cmd], timeout=5) return render_template('ping_result.html', data=output.decode('utf-8')) except subprocess.TimeoutExpired: return render_template('ping_result.html', data='Timeout !') ex.. 2022. 9. 3. 이전 1 다음
