Skip to main content
CTF Support
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. CTF Support
  2. /
  3. Web Exploitation
  4. /
  5. Code Injection
Edit page

Code Injection

Introduction

Code Injection vulnerabilities occur when user-controllable input is executed directly by the interpreter. In CTFs, this often leads to remote code execution (RCE) or the disclosure of internal files.

Example: Python exec() 

def process_input(data):
    exec(data)
    return

data = input('Enter some data: ')
process_input(data)

Exploit 

import os; os.system('cat flag.txt')

Tips

  • Search for functions like eval, exec, pickle.loads, or template evaluation.
  • Inject harmless test payloads first (e.g., print(1+1) or sleep(2)).
  • Always URL‑encode test injections when passing input via parameters.