CVE-2018-10732 PoC — Dataiku DSS REST API 安全漏洞

Source

https://github.com/alt3kx/CVE-2018-10732

Associated Vulnerability

Title:Dataiku DSS REST API 安全漏洞 (CVE-2018-10732)
Description:Dataiku DSS是一套数据处理协作平台。REST API是其中的一个支持轻量级REST风格Web脚本的API。 Dataiku DSS 4.2.3之前版本中的REST API存在安全漏洞。远程攻击者可利用该漏洞获取敏感信息（例如：确定有效的文件名）。

Description

Dataiku REST-API by default the software, allows anonymous access to functionality that allows an attacker to know valid users.

Readme

# CVE-2018-10732
Exploit-DB publication at:  No disclosure! 

# Dataiku vendor Patch and Credits:
https://doc.dataiku.com/dss/latest/release_notes/4.2.html#security


![cve-2018-10732_credits](https://user-images.githubusercontent.com/3140111/40872864-29c152ee-6656-11e8-9704-819d64b1a045.png)

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>

File Snapshot


 [4.0K]  /data/pocs/f4b42ac87a5e875e3e659cff79c0366b39192a82
├── [1.6K]  CVE-2018-10732.txt
├── [ 34K]  LICENSE
└── [ 404]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!