Security vulnerability in replit?
ch1ck3n (2052)

Hi, I just noticed something. Someone made a Python IDE using Python (ironic), and I can create files and run them. This is already a security vulnerability, but I found that you can create a new file in ANY Python repl.

I can just go into the shell and type `python`. It opens up the Python shell. Then I can write Python code. For example:

f = open("pog.py", "w")

That creates a new file.

Then I can put some stuff into the file:

f.write("# bababooey")

I can put some malicious code in, run the file using the shell, and destroy the repl or steal ENV values. I have no intention of harming anyone or anything; I just want to say: please fix this.

I don't know if the newly created files actually save; I'm just wondering.

Mods, please don't take this down. I don't know where else to put it; the Canny pages are missing.
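The post above describes two leaks that follow from letting user code run inside a Python-in-Python IDE: the code sees the host interpreter's environment variables, and it can write files into the host's working directory. The example below is added here and is not code from the thread or from the project being discussed. It reproduces the poster's two-line attack as a constructed user program, runs it the naive way (exec() in the host process) and then the mitigated way (a separate interpreter with an allow-listed environment and a throwaway working directory). The secret name SECRET_TOKEN, its value, the allow-list and both helper functions are assumptions for illustration.

```python
"""Added example, not from the original thread: in-process exec() versus a
scrubbed subprocess for running untrusted user code in a Python-in-Python IDE.
SECRET_TOKEN, its value and the helper names are constructed for illustration."""
import contextlib
import io
import os
import subprocess
import sys
import tempfile
from unittest import mock

# Constructed host environment: pretend the IDE's repl holds one secret.
HOST_ENV = {"SECRET_TOKEN": "hunter2-constructed"}

# The user program from the thread: create a file, then look for secrets.
USER_CODE = (
    "import os\n"
    "with open('pog.py', 'w') as f:\n"
    "    f.write('# bababooey')\n"
    "print(os.environ.get('SECRET_TOKEN', '<not visible>'))\n"
)


@contextlib.contextmanager
def _host_project_dir():
    """Simulate the IDE's own project directory: a fresh temp dir that the
    host chdir()s into for the duration of one run."""
    prev = os.getcwd()
    with tempfile.TemporaryDirectory() as host_dir:
        os.chdir(host_dir)
        try:
            yield host_dir
        finally:
            os.chdir(prev)


def run_in_host_process(code):
    """The naive IDE: exec() the user's code inside the host interpreter.
    Returns (captured stdout, whether pog.py landed in the host project dir).
    Same process means the same os.environ and the same cwd as the IDE."""
    with _host_project_dir() as host_dir, mock.patch.dict(os.environ, HOST_ENV):
        buf = io.StringIO()
        with contextlib.redirect_stdout(buf):
            exec(code, {"__name__": "__user__"})
        return buf.getvalue().strip(), os.path.exists(os.path.join(host_dir, "pog.py"))


def run_in_scrubbed_subprocess(code):
    """Mitigation: a separate interpreter, an allow-listed environment and a
    throwaway working directory. This is not a full sandbox (no syscall or
    filesystem isolation), but it removes the two leaks the post names."""
    allowed = ("PATH", "LANG", "LC_ALL", "SYSTEMROOT", "TEMP", "TMP")
    with _host_project_dir() as host_dir, mock.patch.dict(os.environ, HOST_ENV):
        env = {k: v for k, v in os.environ.items() if k in allowed}  # SECRET_TOKEN dropped
        with tempfile.TemporaryDirectory() as scratch:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", code],  # -I: isolated mode, ignores PYTHON* and user site
                cwd=scratch,            # user files go here and vanish with the directory
                env=env,
                capture_output=True, text=True, timeout=10, check=False,
            )
        return proc.stdout.strip(), os.path.exists(os.path.join(host_dir, "pog.py"))


if __name__ == "__main__":
    print("in-process:", run_in_host_process(USER_CODE))        # secret visible, file persisted
    print("subprocess:", run_in_scrubbed_subprocess(USER_CODE)) # '<not visible>', no file
```

The allow-list, rather than a deny-list of known secret names, is the part worth copying: anything the child interpreter does not strictly need to start should not reach it. Running the child in a discarded directory is the same effect the comments below describe for Replit itself (the fork is thrown away on reload), done deliberately rather than by accident.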
Comments
Coder100 (18123)

It would be malicious, except for the fact that every repl you run is actually just a fork of the main repl. Try it on an alt: did the file changes actually save?

SixBeeps (5221)

I don't know where else to put it the canny pages are missing

https://replit.canny.io/general-feedback

YuvanVighnesh (102)

lol, you mean my new project?

I'm pretty sure the files save only for the user...

ch1ck3n (2052)

@YuvanVighnesh No, if I reload, it deletes them.

And yes, your new project.

ch1ck3n (2052)

OK, nvm, it deletes the files.

Bookie0 (6269)

@ch1ck3n So the issue is resolved? For future reference, according to Replit security, you can:

Email us at [email protected] with a description of the issue and we'll respond as soon as possible.

:)

ch1ck3n (2052)

@Bookie0 Yeah, probably.

Do you want 5 cycles? I mean, it'll be removed soon because of Explore.
ch1ck3n (2052)

@Bookie0 Also, for some reason I can click the checkmark next to my OWN name, but it won't register.

Coder100 (18123)

lol, imagine giving yourself cycles @ch1ck3n

Bookie0 (6269)

@ch1ck3n You can, but I don't think it'll give you the cycles.

ch1ck3n (2052)

@Coder100 Is that how you have so many cycles?