first commit

jupyter/notebook-rce/README.md

@@ -0,0 +1,27 @@
+# Jupyter Notebook Unauthorized Access
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+The Jupyter Notebook (previous IPython notebook) is a web-based interactive computing platform.
+
+If the administrator doesn't configure a password for Jupyter Notebook, this will lead to an unauthorized access vulnerability where attackers can create a console and execute arbitrary Python code and commands.
+
+## Vulnerable environment
+
+Execute following command to start a Jupyter Notebook server:
+
+```
+docker compose up -d
+```
+
+After the server is started, you can see the index of Jupyter Notebook on `http://your-ip:8888`.
+
+## Vulnerability Reproduce
+
+Click "New" -> "Terminal" to create a console:
+
+![](1.png)
+
+Execute arbitrary commands in this console:
+
+![](2.png)

jupyter/notebook-rce/README.zh-cn.md

@@ -0,0 +1,25 @@
+# Jupyter Notebook 未授权访问漏洞
+
+Jupyter Notebook（此前被称为 IPython notebook）是一个交互式笔记本，支持运行 40 多种编程语言。
+
+如果管理员未为Jupyter Notebook配置密码，将导致未授权访问漏洞，游客可在其中创建一个console并执行任意Python代码和命令。
+
+## 环境运行
+
+运行测试环境：
+
+```
+docker compose up -d
+```
+
+运行后，访问`http://your-ip:8888`将看到Jupyter Notebook的Web管理界面，并没有要求填写密码。
+
+## 漏洞复现
+
+选择 new -> terminal 即可创建一个控制台：
+
+![](1.png)
+
+直接执行任意命令：
+
+![](2.png)

jupyter/notebook-rce/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+   image: vulhub/jupyter-notebook:5.2.2
+   command: start-notebook.sh --NotebookApp.token=''
+   ports:
+    - "8888:8888"