The calculator hands the text in its entry box straight to eval() with no input validation, so pasting a single line executes arbitrary Python with the same privileges as the program itself. Each payload below wraps the side effect in a list and indexes the last element, so the calculator displays the chosen string while the code has already run (exec() returns None, so the string is what ends up on screen).

Example one (proves code execution by printing to the console):
[print('RCE exploit!'), "RCE exploit!"][-1]

Example two (opens a borderless, always-on-top window that is hard to close):
[exec("import tkinter as T\nprint(\'Line ONE\')\nprint(\'Line TWO\')\nr=T.Tk();r.overrideredirect(1);r.attributes('-topmost',1,'-alpha',0.8);r.config(bg='#000');r.geometry('600x240+10+10');T.Label(r,text='Borderless Window thats hard to close',fg='#f00',bg='#000',font=('Arial',20)).pack(expand=1,fill='both');r.mainloop()"), "window RCE"][-1]

Example three (works because eval() runs inside a method where self is in scope, so the payload can reach the calculator's own widgets):
[exec('self.master.title("RCE Exploit!")\nself.master.configure(bg="black")'), "Name change!"][-1]

Please stop passing raw input to eval(). ast.literal_eval(self.expression) would block all three payloads, but it only accepts literal values (numbers, strings, tuples, lists, dicts) and rejects ordinary arithmetic such as 2+3, so it is not a drop-in replacement for a calculator. The practical fix is to parse the input with the ast module and evaluate only a whitelist of number, unary-operator and binary-operator nodes, rejecting anything else.

The same bug also lets you make the calculator's output say whatever you want: the [-1] trick above displays any string you choose instead of a result.