Text To Image

Hi guys its retr0reg, I made this tool just for you (: This tool is safe and sound!

See there's no HF Warning and stuffs
and you can use it with out Trust Remote Code On!
https://0reg.dev is a fun website

Hope You enjoy it!

Why I loaded this but nothing happend?!

This is actually a PoC project for a patched huggingface/transformers vulnerability. In transformer's transformers.load_tool *(can be access via from transformers import tools; tools.load_tool or transformers.load_tool) withCall-Chain: load_tool() -> Tool.from_hub() -> get_class_from_dynamic_module() -> get_class_in_module() -> importlib.import_module(module_path); the program will execute arbitrary Python Commands in a maliciously-built repo (without any HuggingFace Warnings in Hub and no trust_remote_code is required). Causing arbitrary OS Command execution or creating a Reverse-Shell connection or even starting a worm attack via HuggingFace Hub.

Vulnerability Report: https://huntr.com/bounties/1da2a047-60cd-4e7d-b61e-bba31cdce418
PoC video: https://drv.0reg.dev/Personals/PoCs/Transformers/Transformer-RCE-load-tools.mp4

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support