Polyglot

HITCON 2025 – IMGC0NV
A writeup about exploiting an image converter service through path traversal and multiprocessing pickle deserialization. The solution required crafting a polyglot file that’s both a valid BMP image and a malicious pickle payload to achieve RCE.