.. / CVE-2018-17246

Exploit for Kibana - Local File Inclusion (CVE-2018-17246)

Description:

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2018-17246.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-17246.yaml

Try the exploit in a lab environment:

Lab	Machine	Link
Hack The Box	Haystack	Go to Practice

References:

https://access.redhat.com/errata/RHBA-2018:3743
https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
https://www.elastic.co/community/security
https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
https://nvd.nist.gov/vuln/detail/CVE-2018-17246

.. / CVE-2018-17246 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }