GitHub

Spades-Ace/Windows-Python-Pickle-Deserialization-Exploit

A simple RCE Pickle PoC with a vulnerable Flask App, modified for Windows. In Python, the pickle module lets you serialize and deserialize data. Essentially, this means that you can convert a Python ...
GitHub

Python 2/3 compatibility layer for Pickle

From this point, you can safely assume that what's pickled with pickle.dumps() in Python 2 can be converted back to the real object in Python 3 with pickle.loads(), and vise versa. However, note that ...