Arbitrary code execution vulnerability in Python's pickle

Warning: The pickle module is not secure against erroneous or maliciously constructed data.
Never unpickle data received from an untrusted or unauthenticated source.

pickle

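Python's pickle module serializes objects into a defined format so that they can be saved to disk or sent over a network. The serialization and deserialization functions in pickle are: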

pickle.dump(obj, file[, protocol])
pickle.load(file)
pickle.dumps(obj[, protocol])
pickle.loads(string)
The functions whose names end in s operate on strings, while those without the s operate on files.
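The warning above comes down to which globals a pickle is allowed to import while it is being loaded. The following is an added example, not code from the original post: a defensive replacement for pickle.loads() that resolves only allowlisted globals, plus a static scan that lists the globals a pickle references without loading it. It assumes Python 3 (pickled data is a bytes object); the names ALLOWED_GLOBALS, RestrictedUnpickler, safe_loads and referenced_globals, and the allowlist contents, are assumptions made for the example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from fractions import Fraction

# Assumption: the only non-builtin type this application expects in its pickles.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) pairs."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")

def safe_loads(data):
    """Counterpart of pickle.loads() that enforces ALLOWED_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def referenced_globals(data):
    """List globals named by GLOBAL/INST/STACK_GLOBAL opcodes, without loading."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):    # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":      # protocol 4+: names come from the stack
            # Heuristic: take the two most recent string literals. A pickle that
            # fetches the names from the memo is not resolved by this scan.
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

if __name__ == "__main__":
    # Constructed samples: one expected type, one type outside the allowlist.
    for obj in (OrderedDict(a=1), Fraction(1, 2)):
        blob = pickle.dumps(obj, protocol=4)
        print(referenced_globals(blob), end=" -> ")
        try:
            print("loaded", safe_loads(blob))
        except pickle.UnpicklingError as exc:
            print("rejected:", exc)
```

The static scan is a triage aid for logging and review; the allowlist enforced in find_class is the actual control.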
