self.command seems user controlled (HTTP method), so we can call any function on self which starts with .do_
Even if not exploitable right now it feels like code that might become an "Oops" in the future.
What do you think?
npub1v5…q8cg4 on Nostr: This is code that just feels off/risky to me. self.command seems user controlled ...
This is code that just feels off/risky to me.
self.command seems user controlled (HTTP method), so we can call any function on self which starts with .do_
Even if not exploitable right now it feels like code that might become an "Oops" in the future.
What do you think?
self.command seems user controlled (HTTP method), so we can call any function on self which starts with .do_
Even if not exploitable right now it feels like code that might become an "Oops" in the future.
What do you think?