Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-47167 PoC — Gradio 安全漏洞

Source
https://github.com/alexan011/CVE-2024-47167-Environment-Setup
Associated Vulnerability
Title:Gradio 安全漏洞 (CVE-2024-47167)
Description:Gradio是Hugging Face开源的一个开源 Python 库,是通过友好的 Web 界面演示机器学习模型的方法。 Gradio存在安全漏洞,该漏洞源于Gradio 的 `async_save_url_to_cache` 函数允许攻击者强制 Gradio 服务器向用户控制的 URL 发送 HTTP 请求。
Readme
Components:
1. gradio_container: hosts internal HTTP server on port 5678
2. target_internal_server: launches a python app using vulnerable version of gradio (4.40.0)
File Snapshot

 [4.0K]  /data/pocs/fa7170d0a0d306fe8031a62c38bc412bf3ff92e3
├── [ 363]  docker-compose.yml
├── [1.0K]  exploit-script.py
├── [4.0K]  gradio_vuln
│   ├── [ 536]  app.py
│   └── [ 345]  Dockerfile
├── [ 166]  README.md
├── [4.0K]  target_internal_server
│   ├── [ 157]  company_security_creds.txt
│   ├── [  89]  Dockerfile
│   ├── [  34]  index.html
│   └── [ 208]  secret_passwords.txt
└── [4.0K]  www
    ├── [ 157]  company_security_creds.txt
    └── [  34]  index.html

4 directories, 11 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.