Skip to content

Instantly share code, notes, and snippets.

adam adamczi

  • Poznań, PL
View GitHub Profile
@adamczi
adamczi / load.py
Last active May 20, 2020
CVE-2020-1747 PyYAML PoC
View load.py
# pyyaml==5.3 required. Vulnerability has been fixed in 5.3.1
# More: ret2libc's report in https://github.com/yaml/pyyaml/pull/386
# Explanation: https://2130706433.net/blog/pyyaml/
from yaml import *
with open('payload.yaml','rb') as f:
content = f.read()
data = load(content, Loader=FullLoader) # Using vulnerable FullLoader
You can’t perform that action at this time.