
Demo Insecure Deserialization in Python web application using FastAPI + Async SQLAlchemy + Postgres database + Docker.


huyduong2792/Demo-Insecure-Deserialization-Python


Demo Insecure Deserialization


Prerequisites

This app requires a Postgres database to be created before it starts:

docker compose up -d --build postgres
docker compose exec -it postgres bash
createdb -h localhost -p 5432 -U dev-user ktltat_db
psql -h localhost -p 5432 -U dev-user -d ktltat_db

Run

Return to the terminal and run the following steps:

docker compose up -d --build
docker compose exec ktltat_app alembic revision --autogenerate -m "initdb"
docker compose exec ktltat_app alembic upgrade head


Exploit

Start a netcat listener

nc -nvlp 1337 


Get your local IP

ip a


Create the shell

Note: change the local_ip variable in shell_grenerator.py before running:
python shell_grenerator.py


Send the request with the shell attached

Attach the shell generated in the previous step to the session cookie of the request.

Exploit success

After the request with the shell attached is sent, the pickle module runs the "env" command and sends its output to the netcat listener.


The exploited code is in app/dependency.py.
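
One way to remove this class of bug is to stop unpickling the session cookie and use a signed, data-only format instead. The sketch below is an added example, not the repository's code (the contents of app/dependency.py are not shown here); SECRET_KEY, encode_session and decode_session are hypothetical names, and the key value is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json

# Assumption: in a real app this comes from configuration or a secret store.
SECRET_KEY = b"constructed-demo-key-change-me"


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign(body: str) -> str:
    """HMAC-SHA256 tag over the encoded body, keyed with the server secret."""
    mac = hmac.new(SECRET_KEY, body.encode("utf-8"), hashlib.sha256).digest()
    return b64e(mac)


def encode_session(data: dict) -> str:
    """Serialize the session as JSON (data only, no objects) and append a tag."""
    body = b64e(json.dumps(data, separators=(",", ":")).encode("utf-8"))
    return f"{body}.{sign(body)}"


def decode_session(cookie: str):
    """Return the session dict, or None for any cookie the server did not issue."""
    body, sep, tag = cookie.partition(".")
    if not sep:
        return None  # no signature part at all, e.g. a raw base64 pickle blob
    # Verify the tag in constant time BEFORE parsing anything the client sent.
    if not hmac.compare_digest(sign(body).encode("ascii"), tag.encode("utf-8")):
        return None
    try:
        # json.loads only builds dicts, lists, strings, numbers, booleans, None;
        # unlike pickle.loads it never calls into arbitrary callables.
        data = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return data if isinstance(data, dict) else None


if __name__ == "__main__":
    cookie = encode_session({"user_id": 7})
    print(cookie, decode_session(cookie))
```

With this decoder a client-supplied cookie is never passed to pickle, and a cookie whose body was modified or forged fails the HMAC check before it is parsed.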

