Code for an intentionally vulnerable Lambda function. You can pass commands with an encoded ; “%3B”
Debes poder pasar commandos en el url si los separas con un punto y coma encodeado con html ; “%3B”
import json
import os
import subprocess
def lambda_handler(event, context):
vuln = event['queryStringParameters']['HealthCheck']
if "status" in vuln:
cmdinject = vuln.replace("status","")
cmd = "date" + cmdinject
out = subprocess.check_output(cmd, shell=True)
message = "Lambda function up as recent as " + out.decode()
return {
'statusCode': 200,
'body': json.dumps(message)
}
else:
message = "Welcome to GlitchyLambda by dafthack. You may want to check the health of the function at /lambda?HealthCheck=status"
return {
'statusCode': 200,
'body': json.dumps(message)
}
