• Stars: 106
• Rank 324,308 (Top 7 %)
• Language: Python
• License: GNU Affero Genera...
• Created almost 6 years ago
• Updated almost 6 years ago


Repository Details

CVE-2018-8021 Proof-Of-Concept and Exploit

Apache Superset pickle library code execution

IBM: Apache Superset could allow a remote attacker to execute arbitrary code on the system, caused by the use of unsafe load method from the pickle library to deserialize data. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Refs :

Usage :

usage: exploit.py [-h] -t TCP -tp TPORT -i IP -p PORT -U USER -P PASSW

optional arguments:
  -h, --help            show this help message and exit
  -t TCP, --tcp TCP     tcp ip for shell
  -tp TPORT, --tport TPORT
                        tcp port for shell
  -i IP, --ip IP        ip
  -p PORT, --port PORT  port
  -U USER, --user USER  User belong to Superset 
  -P PASSW, --passw PASSW
                        password of the user !

Note: the user and password must belong to an account that can import dashboards in Superset.

Credits

Please note: the original PoC was written by David May (https://github.com/DavidMay121).

More Repositories

1. CVE-2018-4407 (Python, 33 stars): IOS/MAC Denial-Of-Service [POC/EXPLOIT FOR MASSIVE ATTACK TO IOS/MAC IN NETWORK]
2. Damn-Small-URL-Crawler (Python, 32 stars): A Minimal Yet Powerful Crawler for Extracting all The Internal/External/Fuzz-able Links from a website
3. ZombieBotV12 (Python, 28 stars): Zombie Bot from Darkweb
4. SecRep (19 stars): SecRep Is a Repository That Contains Useful Intrusion, Penetration and Hacking Archive Including Tools List, Cheatsheet and Payloads
5. TheXFramework (Python, 17 stars): Network/WebApplication Information Gathering, Enumeration and Vulnerability Scanning (Under Development)
6. CVE-2018-15473 (Python, 15 stars): OpenSSH 7.7 - Username Enumeration
7. Py4Sec (Python, 14 stars): Python3 Samples For Penetration Testing / Ethical Hacking (Offensive Side of The Python)
8. RTSPServer-Code-Execution-Vulnerability (Python, 14 stars): RTSPServer Code Execution Vulnerability CVE-2018-4013
9. BitcoinCore-DOS-DoubleSpending (Python, 9 stars): PoC of BitcoinCore Denial-Of-Service and DoubleSpending
10. CVE-2018-7600 (Python, 8 stars): CVE-2018-7600 POC (Drupal RCE)
11. Ethbc (Python, 8 stars): Ethereum Private-Key Brute force Concept
12. CVE-2018-6961 (Python, 5 stars): VMware NSX SD-WAN command injection vulnerability
13. r3dJigSaw (C#, 4 stars): Experiments On Malware Development Based on Jigsaw Malware
14. Extreme-Exploit (C, 3 stars): A Directory For Archiving Non-Robust Exploits, Exploit Samples and Malware Samples/Parts
15. FuzzPy (Python, 2 stars): FuzzPy is a Simple and Basic Library for finding Url with Parameter
16. PythonFaceDetection (Python, 2 stars): Python FaceRecognition (Capture, Analyze, Recognize)
17. Mini-CSRF (Python, 2 stars): A Minimal CSRF Scanner Written in python With Crawler
18. serialize-command-exec (Python, 2 stars): serialize-command-exec is a tool for running serialize commands on ssh
19. Algorithm-Implementation-Prototyping-and-Samples (Python, 2 stars): Simply Meme is a repository for Putting My Sample Codes About Algorithms, Machine-Learning and Other Codes
20. InstallationRepo (Python, 2 stars): Collection of Installation Scripts (Made Public)
21. CVE-2018-10933 (Python, 1 star): CVE-2018-10933 POC (LIBSSH)
22. cGA-Binary (Python, 1 star): Sample of Compact Genetic Algorithm For Binary Optimization