Hugging Face's logo

Retr0REG
/
0reg-0reg

art
Model card Files Community
Edit model card

Text To Image

Hi guys its retr0reg, I made this tool just for you (: This tool is safe and sound!

  • See there's no HF Warning and stuffs
  • and you can use it with out Trust Remote Code On!
  • https://0reg.dev is a fun website

Hope You enjoy it!

Why I loaded this but nothing happend?!

This is actually a PoC project for a patched huggingface/transformers vulnerability. In transformer's transformers.load_tool *(can be access via from transformers import tools; tools.load_tool or transformers.load_tool) withCall-Chain: load_tool() -> Tool.from_hub() -> get_class_from_dynamic_module() -> get_class_in_module() -> importlib.import_module(module_path); the program will execute arbitrary Python Commands in a maliciously-built repo (without any HuggingFace Warnings in Hub and no trust_remote_code is required). Causing arbitrary OS Command execution or creating a Reverse-Shell connection or even starting a worm attack via HuggingFace Hub.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference API
Unable to determine this model's library. Check the docs .