Push and Pickle
| ID: | 2419 |
|---|---|
| 标题: | Push and Pickle |
| 描述: | I love how there are so many different types of pickles. I tried experimenting with two of them. |
| 类型: | MISC |
| 网站: | bugku |
| 题目链接: | https://ctf.bugku.com/challenges/detail/id/2591.html |
| 赛事: | UIUCTF2024 |
| 年度: | 2024 |
| Flag值: | Push and Pickle无是构造一个绕过opcode检查的pickle payload,利用__reduce__方法触发check_flag函数。验证后的网址为: https://medium.com/@harryfyx/writeup-uiuctf-2024-push-and-pickle-cf821c49194f |
| writeup: |
该文章详细描述了通过修改pickle协议版本和指令流,使用未被禁止的opcode组合实现反序列化漏洞利用的完整过程。 |