How Python Object Injection Works and How to Exploit It

Python Object Injection Overview

In this Defencely Lab we detail and demonstrate Python object injection using a deliberately vulnerable application whose source is available on GitHub.

Python Classes and Objects

A class is a template that can store variables and methods. An object can be any instance of a class, a variable, or a function within a class.

Example:

We create an instance of a class named Test and assign it to the variable simpleapp, passing the value rony to the instance. simpleapp = Test(rony) When this code runs, Python creates an object and passes our value to the first argument. The __init__ function is called, acting like a constructor.

What Is Object Injection?

Object injection is an application‑level security flaw that allows an attacker to execute severe attacks based on context. Python’s native pickle module is vulnerable to object injection under certain conditions, especially when user‑controlled data is passed to it.

Similar to PHP’s serialize/unserialize, the pickle module can be abused if the attacker can control the serialized input.

Detecting Object Injection

To detect object injection you need a white‑box pentest. Serialized data created by pickle contains class names, variables, and values, which can be inspected. The pickle module provides four basic functions:

dump()

dumps()

load()

loads()

Unpickling data is not inherently dangerous, but when the data originates from user input and is processed on the backend, it becomes a serious risk. Transmitting pickled data via HTTP is a strong indicator of potential injection.

Vulnerable Application Workflow

File:

pickle.py

The secureApp() method unpickles the input data using load(), assigns it to workDone, and passes it to final_workout(). The final_workout() method writes the unpickled data to a code.py file and executes it.

Creating an Exploit

Since pickle.py uses serialized data, we can craft a malicious payload with dumps() and feed it to the vulnerable app.

File:

exploit_pickle.py

By serializing code that contains an encoded system command and testing it, we successfully inject and execute our crafted code.

Key Takeaways

Never trust user‑provided data for pickling or unpickling.

Detect pickled data in network traffic as a sign of potential injection.

Understand the workflow of vulnerable applications to craft effective exploits.