Gurkburk
Python pickle deserialization vulnerability
The flag is located in ./flag.txt.
Pickle is used to save and load notes into the application.
Exploit code:
The idea is that using getattr, we can get submodules of __builtin__ (and the submodules of the submodules). __builtin__.globals() includes builtins, which includes exec. Once we have control over exec, we can execute arbitrary code.
Submit the base64-encoded opcodes, and we obtain the flags.
Normally, we would be able to use the __reduce__() method to make the program call functions like os.system() (see ).
See . The modules we can unpickle are restricted to __main__, __builtin__ and copyreg. eval and exec are also banned.
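A defensive counterpart to the filter described above, as an added example (not code from the challenge or from the original writeup): a module-level filter with a deny-list beside an exact (module, name) allow-list. It assumes Python 3, where __builtin__ is named builtins; the class, function and constant names are hypothetical.

```python
import io
import pickle

# Assumption: the challenge's filter, reduced to its module-level rule and
# ported to Python 3 (where __builtin__ is named builtins).
ALLOWED_MODULES = {"__main__", "builtins", "copyreg"}
BANNED_NAMES = {"eval", "exec"}

# Hardened rule: exact (module, name) pairs that notes actually need.
# Plain str/list/dict/int notes need no globals at all, so this is empty.
ALLOWED_GLOBALS = frozenset()


class ModuleFilterUnpickler(pickle.Unpickler):
    """Weak: trusts everything in an allowed module except a short deny-list."""

    def find_class(self, module, name):
        if module in ALLOWED_MODULES and name not in BANNED_NAMES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked {module}.{name}")


class ExactAllowListUnpickler(pickle.Unpickler):
    """Hardened: only exact (module, name) pairs; no dotted names."""

    def find_class(self, module, name):
        if "." in name or (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked {module}.{name}")
        return super().find_class(module, name)


def load_with(unpickler_cls, data):
    """Return ("ok", obj) or ("blocked", message) for one serialized note."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as err:
        return "blocked", str(err)


# Constructed samples: an ordinary note, and a pickle that only names
# builtins.getattr (a reference to the function; nothing is called).
NOTE = pickle.dumps({"title": "groceries", "items": ["milk", "eggs"]})
GETATTR_REF = pickle.dumps(getattr)

if __name__ == "__main__":
    for label, blob in (("note", NOTE), ("getattr ref", GETATTR_REF)):
        for cls in (ModuleFilterUnpickler, ExactAllowListUnpickler):
            print(label, cls.__name__, load_with(cls, blob))
```

The module-level filter hands back getattr because it is neither eval nor exec, while the exact allow-list still loads the ordinary note and refuses every global it was not told about.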
Thanks to , I found a way to bypass the restrictions.
They created an API to generate Pickle opcodes: (I made some slight modifications)