Code for an intentionally vulnerable Lambda function. You can pass commands with an encoded ; “%3B”

Debes poder pasar commandos en el url si los separas con un punto y coma encodeado con html ; “%3B”

import json
import os
import subprocess

def lambda_handler(event, context):
    vuln = event['queryStringParameters']['HealthCheck']
    if "status" in vuln:
        cmdinject = vuln.replace("status","")
        cmd = "date" + cmdinject
        out = subprocess.check_output(cmd, shell=True)
        message = "Lambda function up as recent as " + out.decode()
        return {
            'statusCode': 200,
            'body': json.dumps(message)
        }
    else:
        message = "Welcome to GlitchyLambda by dafthack. You may want to check the health of the function at /lambda?HealthCheck=status"  
        return {
            'statusCode': 200,
            'body': json.dumps(message)
        }