Security vulnerability in Replit?
Hi, I just noticed something. Someone made a Python IDE using Python (ironic) and I can create files and run them. This is already a security vulnerability, but I found that you can create a new file in ANY Python repl.
I can just go into the shell and input python. It opens up the Python shell. Then I can write Python code. For example:
f = open("pog.py", "w")
That creates a new file.
Then I can put some stuff into the file.
I can put some malicious code in, and run the file using the shell, and destroy the repl, steal ENV values. I have no intention of harming anyone or anything; I just wanna say please fix this.
I don't know if the newly created files actually save, I'm just wondering.