Commit

Merge pull request #39 from pwned-17/master
A9: Modified Writeup and Lab Updated.
adeyosemanputra authored May 3, 2021
2 parents 5125b89 + c3acb5c commit 6f810cf
Showing 4 changed files with 25 additions and 12 deletions.
24 changes: 18 additions & 6 deletions pygoat/introduction/templates/Lab/A9/a9.html
Expand Up @@ -15,11 +15,23 @@ <h4>What is Using Components with Know Vulnerability means?</h4>
<button class="coll btn btn-info">Lab Details</button>
<div class="lab">
<p class="bp">
This lab helps us to understand some areas where this threat can occur.
<br>The user on accessing the lab is given with certain libraries used by jack in his project.
Try to identify if they are safe or vulnerable.


This lab helps us to understand why components with know vulnerability can be a serious issue.
<br>
The user on accessing the lab is provided with a feature to convert yaml files into json objects.
The user needs to choose an yaml file and click upload to get the json data.
There is also a get version feature which tells the user the version of the library the app uses.

<b>Exploiting the vulnerability.</b>
<ul>
<li>The app uses <code>pyyaml 5.1</code> Which is vulnerable to code execution.</li>
<li>You can google the library with the version to get the poc and vulnerability details</li>
<li> Create An yaml file with this payload:</li>
<code>!!python/object/apply:subprocess.Popen<br>
- ls
</code>
<li> On Uploading this file the user should be able to see the output of the command executed.</li>

</ul>

</p>
</p>
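Review bot: In the new "Exploiting the vulnerability" list the payload `<code>` element sits directly inside the `<ul>`, between two `<li>` items, and the whole `<ul>` is opened inside `<p class="bp">`. Neither nesting is valid HTML, so the browser will re-parent the nodes and the two closing `</p>` tags will not match anything. Move the `<code>` block into the "Create An yaml file" `<li>` and close the paragraph before the list starts. While touching these lines, fix "know vulnerability" to "known vulnerability" and "An yaml" to "a YAML".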
Expand All @@ -29,7 +41,7 @@ <h4>What is Using Components with Know Vulnerability means?</h4>

</p>
</div>
<h4>Mitigation</h4>
<br><h4>Mitigation</h4>
<p class="bp">
<ul>
<li>Remove unused dependencies, unnecessary features, components, files, and documentation.</li>
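Review bot: The `<br>` added in front of `<h4>Mitigation</h4>` is there only for vertical spacing. Prefer a margin on the heading in the stylesheet so the template stays free of presentational markup. The list under it is also opened inside `<p class="bp">`, which is the same invalid nesting as in the lab details block.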
2 changes: 1 addition & 1 deletion pygoat/introduction/templates/Lab/A9/a9_lab.html
Expand Up @@ -2,7 +2,7 @@
{% load static %}
{% block content %}
{% block title %}
<title>Broken Access Control.</title>
<title>A9</title>
{% endblock %}

<div class="jumbotron">
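Review bot: The new `<title>A9</title>` removes the copy-pasted "Broken Access Control." title but tells the user nothing in a browser tab or in history. Use the lab's name instead, for example `<title>A9: Using Components with Known Vulnerabilities</title>`.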
3 changes: 0 additions & 3 deletions pygoat/introduction/templates/introduction/base.html
Expand Up @@ -57,9 +57,6 @@ <h3>PyGoat</h3>
<li>
<a href="/cmd">Command Injection</a>
</li>
<li>
<a href="#">Page 3</a>
</li>
</ul>
<a href="/bau">
<i class="fas fa-bug"></i>
8 changes: 6 additions & 2 deletions pygoat/introduction/views.py
Expand Up @@ -256,8 +256,12 @@ def a9_lab(request):

try :
file=request.FILES["file"]
data = yaml.load(file)
return render(request,"Lab/A9/a9_lab.html",{"data":data})
try :
data = yaml.load(file)
return render(request,"Lab/A9/a9_lab.html",{"data":data})
except:
return render(request, "Lab/A9/a9_lab.html", {"data": "Error"})

except:
return render(request, "Lab/A9/a9_lab.html", {"data":"Please Upload a Yaml file."})
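Review bot: Both handlers in `a9_lab` are bare `except:` clauses, and the new inner one turns every failure in `yaml.load(file)` and in `render(...)` into the string "Error", which hides real bugs and leaves nothing in the logs. A bare `except:` also swallows `SystemExit` and `KeyboardInterrupt`; use `except Exception` around the parse and log the exception, and narrow the outer handler to the `KeyError` raised by `request.FILES["file"]` when no file was uploaded. Since `yaml.load(file)` without a safe loader is the intended flaw of this lab, add a comment on that line saying so, so that nobody copies the call into real code or "fixes" it by accident; outside the lab the call would be `yaml.safe_load`.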

