Converting a hex string to a number
Fredrik Lundh
fredrik at pythonware.com
Wed Jul 10 05:28:32 EDT 2002
Alex Martelli wrote:
> Things aren't all that different regarding the eval builtin
> function rather than the exec statement:
>
> result = eval(something, fakelocals)
>
> there are a bit fewer issues with eval than with exec, but it
> doesn't take much to bypass the "can only do expressions"
> limit, alas.
most importantly, note that "any shell command" qualifies as
an expression:

    something = "__import__('os').system('echo j00 h4v3 b33n 0wn3d')"

</F>
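
An eval-free way to do the conversion named in the subject line, added here as an example and not code from the original message or its author. The names `parse_hex`, `parse_int_literal`, `rejects`, `MAX_LEN` and the sample inputs are chosen for this example; the last sample is the string quoted above, handled purely as data.

```python
import ast
import re

# Optional sign, optional 0x prefix, then ASCII hex digits only.
_HEX = re.compile(r"[+-]?(?:0[xX])?[0-9a-fA-F]+")
MAX_LEN = 64  # assumed upper bound on input length for this example


def parse_hex(text):
    """Convert a hex string to an int without evaluating it as code."""
    s = text.strip()
    if len(s) > MAX_LEN or not _HEX.fullmatch(s):
        raise ValueError("not a hex number: %r" % text[:MAX_LEN])
    return int(s, 16)


def parse_int_literal(text):
    """Accept a Python integer literal (0x.., 0o.., 0b.., decimal) only."""
    s = text.strip()
    if len(s) > MAX_LEN:
        raise ValueError("input too long")
    try:
        value = ast.literal_eval(s)  # literals only: no names, calls, attributes
    except (ValueError, SyntaxError):
        raise ValueError("not a literal: %r" % s) from None
    if type(value) is not int:  # excludes bool, str, tuple, ...
        raise ValueError("not an integer literal: %r" % s)
    return value


def rejects(parser, text):
    """True if parser refuses text with ValueError."""
    try:
        parser(text)
    except ValueError:
        return True
    return False


# Constructed inputs, plus the string quoted in the message (treated as data).
SAMPLES = ["0x1F", "ff", " -0x10 ", "0x", "f_f", "1+1",
           "__import__('os').system('echo j00 h4v3 b33n 0wn3d')"]

if __name__ == "__main__":
    for sample in SAMPLES:
        for parser in (parse_hex, parse_int_literal):
            verdict = "rejected" if rejects(parser, sample) else parser(sample)
            print("%-18s %-52r %s" % (parser.__name__, sample, verdict))
```

The regular expression in `parse_hex` is there because `int(s, 16)` on its own also accepts underscores and non-ASCII digits.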