Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-48565 PoC — Python 代码问题漏洞

Source
https://github.com/Einstein2150/CVE-2022-48565-POC
Associated Vulnerability
Title:Python 代码问题漏洞 (CVE-2022-48565)
Description:An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Description
A proof-of-concept for CVE-2022-48565 - python plistlib XML deserialisation attack
Readme
# CVE-2022-48565 PoC

## Introduction

This is a Proof of Concept (PoC) demonstrating the vulnerability **CVE-2022-48565**, which is based on **unsafe deserialization of Plist files** in Python. By processing specially crafted Property List (Plist) files, an attacker can execute arbitrary code on the target system, potentially leading to **Remote Code Execution (RCE)**.

In this repository, you will find four PoC scripts, each showing different ways to exploit this vulnerability. These examples demonstrate how malicious code can be embedded in Plist files and executed on a system.

Here is a video demonstrating the Proof of Concept:

[![Video Thumbnail](https://img.youtube.com/vi/2wcJDGlKueg/0.jpg)](https://youtu.be/2wcJDGlKueg)

## Disclaimer

These PoC scripts are for educational purposes and security research only. Use these scripts in a controlled environment and never on production systems. Misuse of this vulnerability could result in serious legal and ethical consequences.

## Requirements

- Python <=3.9.1
- Python 2.x

- macOS: Some examples (e.g., opening the Calculator or Safari) only work on macOS, as they use macOS-specific commands

## Installation

Clone this repository:

```git clone https://github.com/Einstein2150/CVE-2022-48565-POC```

Change into the directory:

```cd CVE-2022-48565-POC```

   	
## PoC Scripts

There are four PoC scripts, each showing different ways to exploit this vulnerability.


### 1. cve-2022-48565_poc_echo.py

This script shows a simple example where unsafe deserialization is used to execute a shell command that prints a message to the console.

**Usage:**
```
bash
python2 cve-2022-48565_poc_echo.py
```

### 2. cve-2022-48565_poc_calc.py

In this example, it is demonstrated how an attacker can open the macOS Calculator by deserializing a malicious Plist file.

**Usage:**
```
bash
python2 cve-2022-48565_poc_calc.py
```


### 3. cve-2022-48565_poc_wget.py

This script shows how an attacker can download a file from an external source and automatically open it in Safari. The wget command is used to download index.html from the website foto-video-it.de, which is then opened in Safari.v

**Usage:**
```
bash
python2 cve-2022-48565_poc_wget.py
```

### 4. cve-2022-48565_poc_external_plist.py

This script simulates a practical attack scenario where the malicious Plist file is stored externally and loaded at runtime. This demonstrates how an attacker can load a Plist file from an external source and use it to execute malicious code.

The malicious.plist file contains the payload and must be placed in the same directory as the script.

**Usage:**
```
bash
python2 cve-2022-48565_poc_external_plist.py
```


## License

This project is licensed under the MIT License. See the LICENSE file for more details.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →