Fixes #1600

stamparm · stamparm · commit 663c976a3b58 · 2015-12-09T19:53:48.000+01:00
diff --git a/lib/core/convert.py b/lib/core/convert.py
@@ -10,9 +10,11 @@
 import pickle
 import StringIO
 import sys
+import types
 
 from lib.core.settings import IS_WIN
 from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import PICKLE_REDUCE_WHITELIST
 
 def base64decode(value):
     """
@@ -71,7 +73,7 @@ def base64unpickle(value):
     def _(self):
         if len(self.stack) > 1:
             func = self.stack[-2]
-            if '.' in repr(func) and " 'lib." not in repr(func):
+            if func not in PICKLE_REDUCE_WHITELIST:
                 raise Exception, "abusing reduce() is bad, Mkay!"
         self.load_reduce()
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -11,7 +11,9 @@
 import string
 import sys
 import time
+import types
 
+from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
@@ -427,6 +429,8 @@
 # Table used for Base64 conversion in WordPress hash cracking routine
 ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 
+PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, types.IntType, types.ListType, types.LongType, types.NoneType, types.StringType, types.TupleType, types.UnicodeType, types.XRangeType, type(AttribDict()), type(set()))
+
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 
