YAML: code execution using !!python/object

A popular opinion says not to use the pickle module on data supplied by a user, because deserialization may lead to an object injection attack and malicious code execution. But what about other formats? Are they also dangerous?

My name is Kacper Szurek and in today's episode of "from 0 to pentesting hero" I'm going to talk about YAML files. The YAML format is not as simple as it might seem. In the standard parser used in Python, we can also use the apply tag, which allows you to call any function from any module and pass appropriate parameters to it. So it is equivalent to the ability to execute arbitrary code on the server that we attack. In our case, we will use the function to list the contents of the current directory.
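A defensive check for the behaviour described above, as an added example that is not part of the original page: it finds Python-specific tags in a document without constructing any objects, and shows `yaml.safe_load` refusing them. It assumes PyYAML is installed; the function names and both sample documents are constructed for illustration.

```python
import yaml

# Every !!python/... tag expands to this prefix in PyYAML.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not from the original page).
BENIGN_DOC = "name: demo\nports: [80, 443]\n"
# The apply tag pointed at a harmless builtin; it is never resolved below.
TAGGED_DOC = "result: !!python/object/apply:builtins.len [[1, 2]]\n"


def find_python_tags(text):
    """Return (tag, line) for each node with a Python-specific tag.

    yaml.compose_all only builds the node graph; it never imports modules
    or calls constructors, so it is safe to run on untrusted input.
    """
    hits, seen = [], set()
    stack = list(yaml.compose_all(text, Loader=yaml.SafeLoader))
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # aliases can create cycles
            continue
        seen.add(id(node))
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            hits.append((node.tag, node.start_mark.line + 1))
        if isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
        elif isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
    return hits


def load_untrusted(text):
    """Parse with safe_load; return (data, None) or (None, reason)."""
    try:
        return yaml.safe_load(text), None
    except yaml.constructor.ConstructorError as exc:
        # SafeLoader has no constructor registered for python/* tags.
        return None, exc.problem


if __name__ == "__main__":
    for doc in (BENIGN_DOC, TAGGED_DOC):
        print(find_python_tags(doc), load_untrusted(doc))
```

The scanner is useful for logging and alerting on rejected input; the actual protection is parsing untrusted YAML only with `yaml.safe_load` (or `SafeLoader`).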