Before all
Impacted: sqlitedict <= 2.1.0
CVE-2024-35515
This vulnerability might cause via code excution locally.
I found out this vulnerability on 2024/05/07 while I was dealing with my school scientific project, and just reported it to TWCERT(They also have a service for cve reporting) the next day but got rejected because they only dealing with CVE about Taiwanese products. And I also sync this issue on github(But I guess the author won’t patch this vuln QwQ)
After that, I reported the same stuffs to MITRE, and received their reply on 2024/5/29.
Anyway, though this is not a BIG 0-day report, but is definitely a thrilling exprience for me, and give me lots of motivation!
How I exploit it?
pickle insecure deserialization
In a python class object, a __reduce__
method would be triggered with pickle.loads
(deserialization) function.
So a malicious class dumped with pickle like this can cause via code excution when it loaded by pickle.loads
.
1 | # Exploit |
code review with sqlitedict
https://github.com/piskvorky/sqlitedict/blob/master/sqlitedict.py
line 50~53
Importing dumps, loads function.
1 | try: |
line 120~127
The insecure encode/decode functions.
1 | def encode(obj): |
And finally, in class SqliteDict
:
1 | def __getitem__(self, key): |
the self.decode function is same as the previous decode function.
And the __getitem__
method is called with an ‘aray-like’ identifying (for example : arr[1]
is same as arr.__getitem__(1)
)
So I can generate a malicious sqlite file including the previous code excution pickle payload.
PoC_generator.py
1 | from sqlitedict import SqliteDict, encode, decode, decode_key |
PoC_open_sql.py
1 | from sqlitedict import SqliteDict |
Result:
After all
owo?