[pitboss] phase 03: Track J.1 + Track L.1 — DESERIALIZE corpus + Java/Python/PHP/Ruby adapters

pitboss 2026-05-17 16:37:20 -05:00
parent 01fcaab310
commit 9dc60b51c0
33 changed files with 1625 additions and 53 deletions

@ -0,0 +1,11 @@
"""Phase 03 (Track J.1) — Python deserialize vuln fixture.
`pickle.loads` accepts arbitrary classes; a gadget chain inside the
payload runs straight through `__reduce__` without bumping into any
allowlist.
"""
import pickle
def run(blob: bytes):
return pickle.loads(blob)
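
Review bot: `run` at the end of the file passes `blob` straight to `pickle.loads`, which is the point of the fixture, but nothing in the file marks it as intentionally vulnerable test data or names the line a scanner is expected to flag. Add a comment on the `return pickle.loads(blob)` line identifying it as the expected DESERIALIZE sink, and say in the docstring that the module is corpus data that must not be imported by non-test code. Also, as rendered here, `return pickle.loads(blob)` is not indented under `def run(blob: bytes):`, so confirm the committed file actually parses, since a fixture that fails to parse may be skipped silently by the adapter.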