CVE-2024-1561 PoC — Gradio 安全漏洞

Source

https://github.com/DiabloHTB/CVE-2024-1561

Associated Vulnerability

Title:Gradio 安全漏洞 (CVE-2024-1561)
Description:Gradio是一个开源 Python 库，是通过友好的 Web 界面演示机器学习模型的方法。 Gradio 存在安全漏洞，该漏洞源于端点不正确地允许调用类上的任何方法，允许未经授权的本地文件读取访问，可能导致敏感信息泄露。

Description

Poc for CVE-2024-1561 affecting Gradio 4.12.0

Readme

# CVE-2024-1561 PoC Script

This is a Proof of Concept (PoC) script for CVE-2024-1561.  

Check the full writeup for the CVE here: https://huntr.com/bounties/4acf584e-2fe8-490e-878d-2d9bf2698338

Affected Version: Gradio 4.12.0

This was fixed in this PR (https://github.com/gradio-app/gradio/pull/6884) and was released in version 4.13.0.

## Usage

1. Clone the repository and Navigate to the directory:

    ```bash
    git clone https://github.com/DiabloHTB/CVE-2024-1561
    cd CVE-2024-1561
    ```

2. Run the script with the following command:

    ```bash
    chmod +x CVE-2024-1561
    ./CVE-2024-1561 -u <URL> -f <FILE>
    ```

    Replace `<URL>` with the target URL and `<FILE>` with the file to be processed.

    Example:

    ```bash
    ./CVE-2024-1561 -u http://127.0.0.1:7860 -f /etc/passwd
    ```


## Options

- `-u, --url`: Specify the URL of the target.
- `-f, --file`: Specify the file.
- `-h, --help`: Help.

## Requirements

- Bash
- curl
- jq (for JSON parsing)

## Disclaimer

This script is a Proof of Concept (PoC) and should be used for educational and testing purposes only. Use it responsibly and at your own risk.

File Snapshot


 [4.0K]  /data/pocs/bfe988dc39f1fe7caf6e0174ff97d3463195815b
├── [2.1K]  CVE-2024-1561
└── [1.1K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!