Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source 
Update details for Pickle payload.py
This commit is contained in:
Alvin Smith 2024-08-07 22:06:14 +12:00 committed by GitHub
parent 495183ab52
commit b830e382f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/deserialization/README.md
View file

@ -163,6 +163,8 @@ class P(object):
print(base64.b64encode(pickle.dumps(P()))) print(base64.b64encode(pickle.dumps(P())))
``` ```
Before checking the bypass technique, try using `print(base64.b64encode(pickle.dumps(P(),2)))` to generate an object that is compatible with python2 if you're running python3.
For more information about escaping from **pickle jails** check: For more information about escaping from **pickle jails** check:
{% content-ref url="../../generic-methodologies-and-resources/python/bypass-python-sandboxes/" %} {% content-ref url="../../generic-methodologies-and-resources/python/bypass-python-sandboxes/" %}