Python jsonpickle 2.0.0 remote code execution
Discovered: 2021-02-24 | Type: remote | Platform: multiple
# Python is an open source language. The jsonpickle module serializes Python objects into a JSON
# form and later recovers the data back into objects; jsonpickle.decode() is the function that
# deserializes such strings.
# If attacker-controlled data is deserialized, arbitrary Python expressions are evaluated, which
# includes making system() calls.
# The problem is in the inner loadrepr() function, which eval()s the value of every "py/repr"
# tag found in the serialized string.
# The behaviour is present from the first version up to the current version (2.0.0) and is kept
# for backward compatibility; no patch is available at the time of writing.
# The payload was found during our research into deserialization functions.
# The pattern is:
# {..{"py/repr":"<the module to import>/<the expression to be evaluated>"}..}
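The following is an added example, not the advisory's PoC and not jsonpickle's own source. It models the "py/repr" path described above (split "<module>/<expression>", import the module, eval() the expression) in a few lines so the mechanism can be run offline, then shows the check a practitioner wants: scan untrusted JSON for "py/repr" tags and refuse to unpickle rather than evaluate them. Assumptions of the model: the split happens at the first "/", and the imported module is exposed under its top-level name; the function names `loadrepr_model`, `decode_json_model`, `scan_json` and `decode_untrusted` and both sample payloads are constructed here. Note that jsonpickle's unpickler also has a `safe` keyword (`jsonpickle.decode(data, safe=True)`) that skips the eval path for "py/repr"; treating any jsonpickle input from an untrusted source as code is still the right posture.

```python
"""Added example: a minimal model of the jsonpickle "py/repr" eval path and a
scanner that refuses such tags in untrusted input. Not jsonpickle's code."""
import json

REPR_TAG = "py/repr"


def loadrepr_model(reprstr):
    """Model of the loadrepr() behaviour the advisory describes, NOT jsonpickle's
    source: "<module>/<expression>" is split, the module is imported, and the
    expression goes to eval() with that module in scope.
    Assumption of this model: the split happens at the first "/"."""
    module_name, evalstr = reprstr.split("/", 1)
    top_name = module_name.split(".", 1)[0]
    scope = {top_name: __import__(module_name)}
    # Deliberately unsafe: this is the sink the advisory is about.
    return eval(evalstr, scope)  # noqa: S307


def decode_model(document):
    """Walk a parsed JSON structure the way a tag-driven unpickler does: a dict
    carrying "py/repr" is replaced by the eval() result, nested at any depth;
    everything else is rebuilt unchanged."""
    if isinstance(document, dict):
        if REPR_TAG in document:
            return loadrepr_model(document[REPR_TAG])
        return {k: decode_model(v) for k, v in document.items()}
    if isinstance(document, list):
        return [decode_model(v) for v in document]
    return document


def decode_json_model(json_text):
    """Vulnerable decode: parse the JSON text, then honour every "py/repr" tag."""
    return decode_model(json.loads(json_text))


def find_repr_tags(document, path=()):
    """Return (path, value) for every "py/repr" tag anywhere in a parsed document.
    The path is the tuple of keys/indices leading to the dict that carries the tag."""
    hits = []
    if isinstance(document, dict):
        if REPR_TAG in document:
            hits.append((path, document[REPR_TAG]))
        for key, value in document.items():
            hits.extend(find_repr_tags(value, path + (key,)))
    elif isinstance(document, list):
        for index, value in enumerate(document):
            hits.extend(find_repr_tags(value, path + (index,)))
    return hits


def scan_json(json_text):
    """Defensive check to run BEFORE handing untrusted JSON to an unpickler."""
    return find_repr_tags(json.loads(json_text))


def decode_untrusted(json_text):
    """Hardened decode: refuse documents that carry a "py/repr" tag instead of
    evaluating them; anything else is decoded as plain data."""
    hits = scan_json(json_text)
    if hits:
        raise ValueError("refusing to unpickle: py/repr at path %r" % (hits[0][0],))
    return decode_json_model(json_text)


# Constructed sample inputs (not taken from the advisory).
# A legitimate use of the tag: rebuild a datetime from its repr.
LEGIT_PAYLOAD = '{"when": {"py/repr": "datetime/datetime.datetime(2021, 2, 24)"}}'
# Same tag with an attacker-chosen module and expression, buried in a nested
# structure. os.getpid() stands in for the os.system(...) call the advisory
# mentions so the demo stays harmless; the import-and-eval path is identical.
ATTACK_PAYLOAD = '{"user": {"prefs": [1, {"py/repr": "os/os.getpid()"}]}}'


if __name__ == "__main__":
    print(decode_json_model(LEGIT_PAYLOAD))   # {'when': datetime.datetime(2021, 2, 24, 0, 0)}
    print(decode_json_model(ATTACK_PAYLOAD))  # attacker expression ran: our own pid
    print(scan_json(ATTACK_PAYLOAD))          # [(('user', 'prefs', 1), 'os/os.getpid()')]
    try:
        decode_untrusted(ATTACK_PAYLOAD)
    except ValueError as exc:
        print(exc)
```

The scanner keys on the tag name rather than on the module in the value because the module is attacker-chosen; `os` here could just as well be `subprocess` or any importable name, which is why a deny-list on modules is not a fix.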