
  • Daily Challenge
  • Released 26 Sep 2025

💣 Can you detonate a YAML bomb to compromise the configuration system?

This corporate configuration management system processes YAML files for application settings, but a dangerous implementation flaw creates a perfect storm for exploitation. 💣 YAML deserialization attacks are increasingly common in modern applications, especially those using configuration-as-code approaches. Many developers don't realize that parsing YAML with PyYAML's unsafe loaders can execute arbitrary Python code, making it a powerful attack vector for system compromise! 🎯

1 flag · 1 point · Daily Challenge · Pro Exclusive

💣 YAML Bomb

Challenge Overview: Explore a configuration management system that uses YAML for storing and processing application settings. YAML deserialization vulnerabilities occur when applications use unsafe YAML loading functions that can execute arbitrary Python code embedded within YAML documents, leading to remote code execution.
🎯 Learning Objectives
  • 📄 YAML Processing: Understand how YAML deserialization works in Python applications
  • 🔍 Unsafe Loading: Learn to tell unsafe yaml.load() calls apart from yaml.safe_load() and recognise the vulnerabilities they create
  • 💣 Payload Crafting: Master YAML deserialization payload construction
  • 🚀 Code Execution: Achieve remote code execution through YAML injection
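As an added example (not part of the lab), the defender's side of the yaml.load() vs yaml.safe_load() distinction: a pre-parse gate for uploaded configuration files that rejects PyYAML's python/* tags in all three spellings they can take, then hands clean documents to yaml.safe_load(). The sample documents, the `Settings` class name and the `!py!` handle are constructed for illustration.

```python
"""Pre-parse gate for uploaded YAML configs.

Added example (not the lab's own code): before a file reaches the
parser, refuse any document that carries PyYAML's python/* tags. The
real fix is yaml.safe_load(), which has no constructors for these
tags at all; this check is defence in depth and gives you a log line
when someone tries. Sample documents below are constructed."""
import re

# Every `!!python/...` short tag expands to this tag URI.
PYTHON_TAG_URI = "tag:yaml.org,2002:python/"

_SHORT = re.compile(r"!!python/")                          # !!python/object:...
_VERBATIM = re.compile(r"!<" + re.escape(PYTHON_TAG_URI))  # !<tag:yaml.org,2002:python/...>
_TAG_DIRECTIVE = re.compile(r"^%TAG\s+(\S+)\s+(\S+)", re.MULTILINE)


def find_python_tags(text: str) -> list[str]:
    """Return reasons to reject the document; empty list means no python/* tag seen.

    Matching is textual, so a `!!python/` inside a quoted scalar is also
    flagged; for a config upload gate that false positive is acceptable."""
    reasons = []
    if _SHORT.search(text):
        reasons.append("short tag !!python/ present")
    if _VERBATIM.search(text):
        reasons.append("verbatim tag !<tag:yaml.org,2002:python/...> present")
    for handle, prefix in _TAG_DIRECTIVE.findall(text):
        # A %TAG directive can rebind any handle (e.g. !py!) to the python
        # prefix, so `!py!object:...` is a python tag without the word
        # "python" appearing next to the node. Reject the binding itself.
        if prefix.startswith(PYTHON_TAG_URI):
            reasons.append(f"%TAG directive binds {handle} to {prefix}")
    return reasons


def load_config(text: str) -> dict:
    """Gate, then parse with the safe loader (PyYAML imported only here)."""
    problems = find_python_tags(text)
    if problems:
        raise ValueError("rejected YAML upload: " + "; ".join(problems))
    import yaml  # PyYAML; safe_load never instantiates arbitrary Python objects
    return yaml.safe_load(text)


# Constructed samples: one clean config and the three tag spellings.
CLEAN = "app:\n  name: billing\n  debug: false\n"
SHORT_TAG = "app: !!python/object:__main__.Settings {}\n"
VERBATIM_TAG = "app: !<tag:yaml.org,2002:python/object:__main__.Settings> {}\n"
REBOUND_HANDLE = "%TAG !py! tag:yaml.org,2002:python/\n---\napp: !py!object:__main__.Settings {}\n"
```

Run `find_python_tags()` over each sample to see which spelling tripped it; the gate is no substitute for using `yaml.safe_load()` everywhere the application parses untrusted YAML.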
🏢 Scenario

You've discovered a corporate configuration management portal that allows administrators to upload and process YAML configuration files for various applications. The system uses Python's PyYAML library to parse configuration data, but the implementation may be using unsafe deserialization methods that can execute arbitrary code.

🔍 Your Mission

Investigate the configuration management system, identify YAML deserialization vulnerabilities, craft malicious YAML payloads to exploit unsafe loading, and demonstrate how YAML bombs can lead to remote code execution and access to sensitive system information. The goal is to understand the security risks of unsafe YAML deserialization in enterprise applications.

First Blood 🩸
r3dkzyoud