
dbm.dumb pickle scanner-bypass PoC

This PoC builds a raw pickle that bypasses both picklescan==1.0.4 and modelscan==0.8.8, then writes attacker-controlled bytes during normal pickle.load().

The pickle does not reference os, subprocess, builtins.open, shutil, or shelve. It uses unblocked stdlib globals:

  • dbm.dumb.open
  • dbm.dumb._Database.__setitem__
  • dbm.dumb._Database.close
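
The globals listed above slip past both scanners because those tools work from a blocklist of known-dangerous modules. The following is an added defensive example (not code from this PoC's repository) showing the opposite approach: walk the pickle opcode stream with pickletools and flag every global reference (GLOBAL, INST, STACK_GLOBAL) that is not on an explicit allowlist, without ever loading the file. The allowlist contents, the function names and the constructed sample streams are my own assumptions; the two dbm samples only reference dbm.dumb.open and then STOP, so they contain no REDUCE and would write nothing even if loaded. A truncated or malformed stream is reported as a finding rather than as clean.

```python
"""Deny-by-default pickle global scanner (added example; not the PoC's code).

Walks the opcode stream with pickletools and reports every global reference
that is not on an explicit allowlist. The bytes are never passed to
pickle.load, so nothing in the file can execute during the scan.
"""
import pickle
import pickletools
from collections import OrderedDict

# Globals a plain checkpoint may legitimately reference (assumed allowlist).
# Everything else is a finding. Extend this for your own formats, but keep it
# an allowlist: a blocklist is exactly what a dbm.dumb reference slips past.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Opcodes that push a string constant. STACK_GLOBAL (protocol 4+) consumes the
# two most recently pushed strings as (module, qualname).
_STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def iter_globals(data: bytes):
    """Yield (module, name, offset) for every GLOBAL, INST and STACK_GLOBAL."""
    recent = []  # string constants seen so far, in stream order
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)  # pickletools renders "module name"
            yield module, name, pos
        elif op.name == "STACK_GLOBAL":
            if len(recent) >= 2:
                yield recent[-2], recent[-1], pos
            else:
                yield "<unknown>", "<unknown>", pos
        elif op.name in _STRING_OPS:
            recent.append(arg)


def scan_pickle(data: bytes) -> dict:
    """Return {"clean": bool, "findings": [...]} without executing anything."""
    findings = []
    try:
        for module, name, pos in iter_globals(data):
            if (module, name) not in ALLOWED_GLOBALS:
                findings.append({"offset": pos, "module": module, "name": name})
    except (ValueError, EOFError) as exc:
        # Truncated or malformed stream: treat as suspicious, never as clean.
        findings.append({"offset": -1, "module": "<parse-error>", "name": str(exc)})
    return {"clean": not findings, "findings": findings}


# --- constructed samples (not the PoC's payload) ---------------------------
# Benign: a dict of plain values, and an OrderedDict (one allowlisted global).
BENIGN_DICT = pickle.dumps({"weights": [1.0, 2.0], "name": "m"}, protocol=4)
BENIGN_ORDERED_P2 = pickle.dumps(OrderedDict(a=1), protocol=2)  # emits GLOBAL
BENIGN_ORDERED_P4 = pickle.dumps(OrderedDict(a=1), protocol=4)  # emits STACK_GLOBAL

# Hand-assembled streams that only *reference* dbm.dumb.open and then STOP:
# no REDUCE or BUILD follows, so loading them would call nothing.
SAMPLE_GLOBAL = b"\x80\x02cdbm.dumb\nopen\n."  # PROTO 2, GLOBAL, STOP
SAMPLE_STACK_GLOBAL = b"\x80\x04\x8c\x08dbm.dumb\x8c\x04open\x93."  # PROTO 4, 2x SHORT_BINUNICODE, STACK_GLOBAL, STOP


if __name__ == "__main__":
    for label, blob in [("benign dict", BENIGN_DICT),
                        ("ordered p2", BENIGN_ORDERED_P2),
                        ("ordered p4", BENIGN_ORDERED_P4),
                        ("dbm GLOBAL", SAMPLE_GLOBAL),
                        ("dbm STACK_GLOBAL", SAMPLE_STACK_GLOBAL)]:
        print(f"{label:18s} {scan_pickle(blob)}")
```

The scanner reports the (module, name) pair and byte offset of each disallowed reference, so a reviewer can confirm with `python -m pickletools` what the stream does at that point. Because the decision is "not on the allowlist" rather than "on the blocklist", stdlib modules that were never considered dangerous (dbm, shelve, and anything added in a future Python release) are caught by default.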

Loading the pickle deterministically creates this set of DBM files:

/tmp/mfv_dbm_dumb_scanner_bypass_marker_20260623.dat
/tmp/mfv_dbm_dumb_scanner_bypass_marker_20260623.dir
/tmp/mfv_dbm_dumb_scanner_bypass_marker_20260623.bak

The .dat file contains the controlled marker bytes:

MFV_DBM_DUMB_SCANNER_BYPASS_20260623

Run

python3 -m venv /tmp/dbm-dumb-scanner-bypass-venv
/tmp/dbm-dumb-scanner-bypass-venv/bin/python -m pip install --upgrade pip
/tmp/dbm-dumb-scanner-bypass-venv/bin/python -m pip install -r requirements.txt
/tmp/dbm-dumb-scanner-bypass-venv/bin/python reproduce_dbm_dumb_scanner_bypass.py

Expected terminal summary:

picklescan_clean=True exit=0
modelscan_clean=True exit=0
load_marker_exists=True
load_marker_content=MFV_DBM_DUMB_SCANNER_BYPASS_20260623
REPRO_OK