xiaoyaoes committed on
Commit
a2a9081
·
1 Parent(s): 15bcc59

Add PoC pickle

Files changed (2)
  1. README.md +16 -0
  2. malicious.pkl +3 -0
README.md ADDED
@@ -0,0 +1,16 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ license: mit
3
+ tags:
4
+ - mfv
5
+ - huntr
6
+ - eg3d
7
+ - rce
8
+ ---
9
+
10
+ # EG3D MFV PoC — RCE via Unsafe Pickle Deserialization
11
+
12
+ **Vulnerability:** RCE via pickle.load + exec() in NVIDIA's custom @persistent_class unpickler
13
+
14
+ **Project:** https://github.com/NVlabs/eg3d
15
+
16
+ **File:** `malicious.pkl` — triggers `os.system` when loaded via `persistence.load_network_pkl()`
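Review bot: README line 16 names the trigger as `persistence.load_network_pkl()` and line 12 names the sink as `pickle.load + exec()`, but nothing in the file pins the NVlabs/eg3d commit or release that was tested, or the source file that defines either function, so a triager cannot confirm the code path without guessing. Add the tested commit hash and the file paths, state in one line which command the `os.system` call runs so the payload can be judged benign without loading it, and say that `malicious.pkl` should only be opened in a disposable sandbox.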
malicious.pkl ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ version https://git-lfs.github.com/spec/v1
2
+ oid sha256:ccf939fef426531f1e932846e2ced77c58ba5a874d588b8e3f6d01cb17791966
3
+ size 65
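Review bot: the `oid sha256:` and `size 65` lines are all this diff shows of `malicious.pkl`, because the file is committed as a Git LFS pointer, so the payload itself cannot be reviewed here. Record in the README how the 65-byte file was produced and quote the sha256 there, so that anyone handling the artifact can match the digest and inspect the opcodes statically (for example with `pickletools.dis`, which disassembles the stream without executing it) before it goes near a loader.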