paddle is a popular framework for deep learning, it has an RPC server that doesn't have any authentication. with the paddle python package, we can send our out-of-band payload. since we can write a tsunami plugin in Python recently, I think we can write an efficient plugin to detect an exposed paddle RPC server.
paddle is a popular framework for deep learning, it has an RPC server that doesn't have any authentication. with the paddle python package, we can send our out-of-band payload. since we can write a tsunami plugin in Python recently, I think we can write an efficient plugin to detect an exposed paddle RPC server.
ref: https://huntr.com/bounties/5965f081-d5d2-41e0-8815-a3d5832f79c5