Python Pickle Challenge
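The post describes a web security lab exercise that requires obtaining a root-user shell through a Python Pickle deserialization vulnerability. The user needs to write an exploit script and send the payload to the specified port using a tool such as curl to complete the task. 2025-11-4 10:25:25 Author: www.reddit.com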

Hi, I am currently struggling with a Web Security Lab Exercise. In this exercise I have to execute an insecure deserialization, exploiting Python pickle.
The instruction of the exercise says:
The goal is to obtain a functional shell as root user through the serialization vulnerability in Pickle. Create an exploit script and get your flag!
Follow the link at the exercise page.

The exercises are based on a VM (client) connected to a LAN, where there is another machine (server). On the server runs a web server that hosts all the exercises of the Web Security module on different ports (from 5000 to 5009). In this case I have to connect to port 5002/pickle, where I get a blank page with this message: "Only POST requests are allowed".

To carry out the exercise there is no form in which to put the payload; I think I have to send it via curl, or idk. Do you have any suggestions?


Source: https://www.reddit.com/r/HowToHack/comments/1oo3wj9/python_pickle_challenge/