Create:jupyter-notebook-rce

2023-07-18 14:48:18 +08:00 · 2023-07-18 14:48:18 +08:00 · f09c575037
parent 9ca1706cf2
commit f09c575037
1 changed files with 33 additions and 0 deletions
--- a/http/vulnerabilities/jupyter-notebook-rce.yaml
+++ b/http/vulnerabilities/jupyter-notebook-rce.yaml
@ -0,0 +1,33 @@
+id: jupyter-notebook-rce
+
+info:
+  name: Jupyter Notebook Remote Command Execution
+  author: HuTa0
+  severity: high
+  description: |
+    Jupyter Notebook is an interactive Notebook, computer application is a web based visualization, Jupyter Notebook API/terminals path there are loopholes in the remote command execution.
+  reference:
+   - https://github.com/SCAMagic/SCAMagicScan/blob/de8130a2280ee08d719ac6612e590b8e2678fb97/pocs/poc-yaml-jupyter-notebook-rce.py
+  metadata:
+    zoomeye-query: title:"jupyter notebook"
+  tags: jupyter,notebook,rce
+  
+http:
+  - raw:
+      - |
+        POST /api/terminals HTTP/1.1
+        Host: {Hostname}
+        X-XSRFToken: 2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335
+        Cookie: _xsrf=2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "name"
+          - "last_activity"
+        condition: and
+
+      - type: status
+        status:
+          - 200