gradio-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
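Security, Malware x2
This skill is a Gradio exploitation playbook aimed at AI agents. Its core capabilities are unauthenticated file read, SSRF, internal network probing, and target brute-forcing, and its overall purpose is entirely consistent with attack activity. Although it does not show a malicious installation chain, credential forwarding, or a covert exfiltration endpoint, as an exploit skill that directly gives an agent attack capability it should be judged high-risk and suspicious; it is better classified as a high-risk exploitation capability than as confirmed malware.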
This fragment is offensive SSRF-to-full-read exploit tooling for Gradio. It forces the Gradio server to fetch attacker-controlled URLs via /component_server and /queue/join, then retrieves the complete cached responses using /file=path (including predicted /tmp/gradio/<sha1>/ paths). It explicitly targets sensitive endpoints (cloud metadata, local/internal services) and outputs potentially leaked content. If such content appeared in a package dependency, it would represent a severe supply-chain security risk with strong malicious intent.
This fragment is explicitly offensive exploitation/scanning code for Gradio CVE-2024-47167. It performs unauthorized local file reads by abusing POST /component_server to invoke make_temp_copy_if_needed with an attacker-controlled path, then exfiltrates the copied file via GET /file=<download_path> and validates success using sensitive file-content patterns. High confidence that this is dangerous/abusive content, not a legitimate dependency module.