by vicarius
log in join community
by @jakaba
13 Sep 2023
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

CVE-2023-27524: Authentication Bypass in Apache Superset - exploit

by @jakaba
by @jakaba
13 Sep 2023
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

CVE-2023-27524: Authentication Bypass in Apache Superset - exploit

Apps

S
SupersetApache
0.15.4.1.*
0.34.1.RC2
0.34.1.RC1
0.34.1.*
0.34.1.-
0.17.6.*
*.*
0.37.2.-
0.37.2.RC1
0.37.2.RC2

PoC video

Summary

Exploit script to run any OS command or connect back to your reverse shell on both the database server and Superset server.

general

Description

Tags

#RCE#exposed_to_RCE_attack#APACHE#account_bypass#Authentication#CVE-2023-27524#Superset
users/photos/clj8b3h1k16g10uoihwvzgsxi.png

@jakaba

74 posts

Total vcoins

64.3K

Social media links

Comments (0)