Argument injection and getting past shellwords.escape
This is going to be a short write-up about an interesting argument injection I ran into a while ago. There is nothing new here, but it is still worth looking at as argument injection is an oft overlooked attack avenue as everyone is going after the more traditional command injection vulnerabilities. What is argument injection? Very similar to command injection, argument injection occurs when attacker controlled values/text are passed into a shell function without adequate sanitization....