Submission #791071: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection Info

Title: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection
Description:

# Technical Details

A Code Injection vulnerability exists in the `edit_agent_template` method in `superagi/controllers/agent_template.py` of SuperAGI. The application fails to sanitize user input for the template configuration fields before passing them to Python's `eval()` function during retrieval.

# Vulnerable Code

File: superagi/controllers/agent_template.py
Method: edit_agent_template
Why: The endpoint accepts a raw `dict` parameter without Pydantic validation, allowing an attacker to inject arbitrary Python code as strings into configuration fields (e.g., `goal`, `instruction`, `constraints`). These injected strings pass through unmodified and are stored verbatim in the `agent_template_configs` table. When subsequently fetched, they are executed by `eval()` in `eval_agent_config()`.

# Reproduction

1. Authenticate to the SuperAGI instance to obtain a valid JWT token.
2. Create a normal agent via `/api/agents/create` and save it as an agent template via `/api/agent_templates/save_agent_as_template/...`.
3. Call the `update_agent_template` endpoint, injecting malicious Python code strings into the `goal` field (e.g., `"[__import__(\"os\").system(\"id > /tmp/prod_mode_rce\")]"`).
4. Trigger the payload by calling the `/api/agent_templates/agent_config` endpoint to fetch the configuration, forcing `eval()` to execute the injected code.

# Impact

- Remote Code Execution (RCE) with server root privileges.
- Data breach (access to all stored API keys, database credentials, user data).
- Service disruption (ability to shut down or corrupt the SuperAGI instance).
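As an added example of the mitigation the description implies (this is not SuperAGI's own code), the stored configuration strings are parsed with `ast.literal_eval` and type-checked, at write time as well as at read time, instead of being handed to `eval()`; the field names and the list-of-strings shape are assumptions about the data model.

```python
import ast
from typing import Any

# Added example (not SuperAGI's code): parse stored template configuration
# values without eval(). Field names and the "list of strings" shape for
# goal/instruction/constraints are assumptions about the data model.
LIST_FIELDS = {"goal", "instruction", "constraints"}


def parse_config_value(key: str, raw: str) -> Any:
    """Return the parsed value of one stored config field.

    Where the vulnerable path did eval(raw), this uses ast.literal_eval,
    which accepts only Python literals (str, int, list, dict, ...). A
    stored string containing a call, attribute access or bare name, such
    as __import__(...).system(...), raises ValueError instead of running.
    """
    if key not in LIST_FIELDS:
        # Free-text fields are returned as-is; they are never evaluated.
        return raw
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"{key}: not a literal: {raw!r}") from exc
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError(f"{key}: expected a list of strings")
    return value


def validate_template_config(config: dict) -> dict:
    """Validate every field at write time (the edit endpoint), so that a
    value which cannot be parsed safely is rejected before it is stored,
    rather than discovered at read time inside eval_agent_config()."""
    return {key: parse_config_value(key, raw) for key, raw in config.items()}


if __name__ == "__main__":
    # Constructed sample: one well-formed list and one injected call.
    print(validate_template_config({"goal": "['write a report']", "name": "demo"}))
    try:
        parse_config_value("goal", "[len('not a literal')]")
    except ValueError as err:
        print("rejected:", err)
```

Applying the same check on the read path keeps rows that were written before the fix from reaching `eval()`.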
Source: https://gist.github.com/YLChen-007/a73105550fdcb5e6c0f061a05ba04bd9
User: Eric-z (UID 95890)
Submitted: 2026-03-27 12:27 (28 days ago)
Moderated: 2026-04-19 07:40 (23 days later)
Status: Duplicate
VulDB entry: 300336 [transformeroptimus superagi eval privilege escalation]
Points: 0