- In Python source code, look for:
The following code is a simple example of using `cPickle` to generate an `auth_token`, which is a serialized `User` object.
`import cPickle` will only work on Python 2.
The vulnerability is introduced when a token is loaded from user input.
The Python 2.7 documentation clearly states that pickle should never be used with untrusted sources. Let's create malicious data that will execute arbitrary code on the server.
The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
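
As an added example (not code from the original page), one way to remove the flaw described above is to stop pickling the token: serialize the user as JSON and authenticate it with an HMAC before any parsing happens. It targets Python 3; `SECRET_KEY`, `issue_token`, `load_token` and the `username`/`role` fields are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for this example; a real service loads it from a secret store.
SECRET_KEY = b"example-only-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(username: str, role: str) -> str:
    """Serialize the user as JSON (data only) and append an HMAC-SHA256 tag."""
    payload = json.dumps({"username": username, "role": role},
                         sort_keys=True).encode("utf-8")
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def load_token(token: str):
    """Return the user dict, or None if the token is malformed or not signed by us."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except ValueError:  # wrong part count, bad base64, non-ASCII input
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Authenticate first: the payload is parsed only after the tag matches.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        user = json.loads(payload.decode("utf-8"))
    except ValueError:  # invalid UTF-8 or invalid JSON
        return None
    # JSON can only yield plain data; still enforce the expected shape.
    if not isinstance(user, dict) or set(user) != {"username", "role"}:
        return None
    return user
```

A token that is actually a pickle blob never reaches a deserializer that can construct objects: it fails the format or HMAC check and `load_token` returns `None`.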