Add README
Browse files
README.md
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
---
|
| 2 |
+
tags:
|
| 3 |
+
- security-research
|
| 4 |
+
- modelscan-bypass
|
| 5 |
+
license: mit
|
| 6 |
+
---
|
| 7 |
+
# Modelscan Bypass PoC: http.server.HTTPServer port binding backdoor
|
| 8 |
+
**Security research only.**
|
| 9 |
+
## Summary
|
| 10 |
+
Creates an HTTP server bound to 0.0.0.0:8888 during pickle.load().
|
| 11 |
+
http.server is not in modelscan's unsafe_globals blocklist.
|
| 12 |
+
Attacker can serve content or create a reverse shell listener.
|
| 13 |
+
## Reproduction
|
| 14 |
+
```bash
|
| 15 |
+
pip install modelscan
|
| 16 |
+
modelscan scan -p pytorch_model.bin # No issues found
|
| 17 |
+
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))" # Executes
|
| 18 |
+
```
|
| 19 |
+
## Affected: modelscan 0.7.6 (latest)
|
| 20 |
+
## Disclosure: Submitted via Huntr.
|