Insecure deserialization In picklescan
Description
picklescan vulnerable to arbitrary file create using logging.FileHandler
Summary
Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary locations but does not permit overwriting or modifying existing files.
Details
The application deserializes untrusted pickle data. While RCE keywords may be blocked, the exploit abuses standard library features:
logging.FileHandler: The exploit instantiates this class using its default behavior (append mode).
Behavior on Existing Files: If the target file already exists, the handler opens it without modifying its content, resulting in no impact to existing data.
Behavior on Non-Existent Files: If the target file does not exist, the handler creates a new zero-byte file with the specified name.
PoC
import pickle class WriteFile: def __reduce__(self): from logging import FileHandler return (FileHandler, ('evil.log',)) with open("bypass_write.pkl", "wb") as f:...
Impact
This primitive can be used for Filesystem Pollution or Logic Disruption. For example, an attacker could create specific "lock files" (e.g., maintenance.lock, .lock) that the application checks for, potentially triggering a Denial of Service (DoS) or preventing the application from starting.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 pypi | 1.0.1 |
Aliases
References