Lab 351 — FlowForge — RCE via Python Code Validation Endpoint

hackadvisor

Task: AI workflow platform with Python code validation API endpoint that doesn't require authentication. Solution: Exploited unsafe exec() in validation endpoint using exception-based exfiltration to read flag.

rce python code_injection api unsafe_exec code_validation

api_endpoint_enumerationpython_code_injectionexception_based_exfiltrationdecorator_execution_abuse

$ ls tags/ techniques/

rce python code_injection api unsafe_exec code_validation

api_endpoint_enumerationpython_code_injectionexception_based_exfiltrationdecorator_execution_abuse

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 129 — ReqForge — RCE via VM Sandbox Escape— hackadvisor
[web][Pro]Lab 281 — PipeForge — Prototype Pollution to RCE via Build Worker— hackadvisor
[web][Pro]Lab 388 — ModelForge— hackadvisor
[web][Pro]Lab 320 — BuildForge — Path Traversal to RCE via CLI @File Expansion— hackadvisor
[web][Pro]Lab 252 — BuildForge — RCE via npm Lifecycle Script Injection— hackadvisor