CVE-2020-14343 PoC — PyYAML 输入验证错误漏洞

Source

https://github.com/j4k0m/loader-CVE-2020-14343

Associated Vulnerability

Title:PyYAML 输入验证错误漏洞 (CVE-2020-14343)
Description:PyYAML是一款基于Python的YAML解析器和生成器。 PyYAML中存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

Description

A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package.

Readme

# loader-CVE-2020-14343
A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package.

## Writeup:
- https://github.com/TebbaaX/CTFs/blob/main/HackerNewsBdarija-CTF-2022/loadder/Loader.md

File Snapshot


 [4.0K]  /data/pocs/a62a36601da33e89668e56d47ee686c567cdf951
├── [4.0K]  app
│   ├── [ 416]  app.py
│   └── [4.0K]  templates
│       └── [2.0K]  index.html
├── [ 120]  Dockerfile
├── [   5]  flag.txt
├── [ 246]  README.md
└── [  18]  requirements.txt

2 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!