NOMISEC-mpgn/CVE-2018-17246

NOMISEC WORKING POC
Exploit for CVE-2018-17246 - Kibana <6.4.3, 5.6.13 - Code Injection
AI Analysis

This PoC demonstrates a Local File Inclusion (LFI) vulnerability in Kibana versions before 6.4.3 and 5.6.13 that can be exploited to execute arbitrary JavaScript files on the server. The exploit uses path traversal to include a malicious JavaScript file, potentially leading to remote code execution (RCE) if combined with an unrestricted file upload vulnerability.

Attack Type
RCE
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
Source
Platform Nomisec
Type remote
Files 1
Stars 66
Forks 15
Last Push Oct 26, 2019
Vulnerability
CVE-2018-17246
Kibana <6.4.3, 5.6.13 - Code Injection
CRITICAL
CVSS 9.8