PickleScan Bypass: SSRF via Unblocked Network Gadgets

Vulnerability

smtplib.SMTP, ftplib.FTP, and http.client.HTTPConnection are NOT in picklescan's _unsafe_globals blocklist. A pickle that references them scans clean: issues_count=0, infected_files=0.

httplib (Python 2) is blocked but http.client (Python 3) is NOT.

Files

  • ssrf_payload.pkl - Pickle file using smtplib.SMTP (bypasses scanner)
  • poc_ssrf_bypass.py - PoC generator + scanner verification

Reproduction

from picklescan.scanner import scan_pickle_bytes
import io
with open("ssrf_payload.pkl", "rb") as f:
    result = scan_pickle_bytes(io.BytesIO(f.read()), "test.pkl")
print(f"issues={result.issues_count}")  # 0!
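
Because the gap comes from a blocklist that omits these modules, a defender can add an allowlist-style audit that reports every global a pickle imports without loading it. The following is an added example, not code from this repository or from picklescan; NETWORK_MODULES, ALLOWED_GLOBALS and the function names are assumptions made for illustration, and the sample pickles are constructed inline and only reference a class without calling it.

```python
import pickle
import pickletools
import smtplib, ftplib, http.client

# Assumption: modules treated as network-capable for this illustration.
NETWORK_MODULES = {"smtplib", "ftplib", "http.client"}
# Assumption: a deliberately tiny allowlist; a real one lists what your models need.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("builtins", "dict")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data: bytes):
    """Return (module, name) pairs imported by a pickle, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Module and name are the two most recent string pushes in the
            # common case; anything else is reported as unresolved.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            found.append(pair)
    return found


def audit(data: bytes):
    """Split referenced globals into network gadgets and other non-allowlisted ones."""
    network, unknown = [], []
    for module, name in referenced_globals(data):
        if module in NETWORK_MODULES:
            network.append(f"{module}.{name}")
        elif (module, name) not in ALLOWED_GLOBALS:
            unknown.append(f"{module}.{name}")
    return network, unknown


# Constructed samples: each pickle only references a class; nothing is called.
SAMPLES = {
    "smtp_v4": pickle.dumps(smtplib.SMTP, protocol=4),
    "ftp_v2": pickle.dumps(ftplib.FTP, protocol=2),
    "http_v4": pickle.dumps(http.client.HTTPConnection, protocol=4),
    "plain": pickle.dumps({"weights": [1, 2, 3]}, protocol=4),
}
```

Anything returned in the second list is not a known network gadget but is also not allowlisted, so it should be reviewed rather than silently passed.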