Jupyter Notebook Security: Understanding Unauthorized Access Vulnerabilities and Prevention

Jupyter Notebook is something I believe many Python learners are familiar with. It provides a convenient way to execute Python code interactively through a web interface. Jupyter Notebook (previously known as IPython Notebook) is an interactive notebook that supports over 40 programming languages. If the administrator does not configure a password for Jupyter Notebook, this leads to an unauthorized access vulnerability: any visitor can open a console and execute arbitrary Python code and system commands.

[Figure: Jupyter Notebook]

Upon accessing the server, the interface shown above appears; this is the web management interface of Jupyter Notebook, and it does not prompt for a password. By selecting "New -> Terminal" on the right, a console can be created.

[Figure: Jupyter Notebook]

Then, a terminal is opened.

Commands can be executed directly like this?? I was completely stunned—there’s no challenge at all.

I initially thought about using something like Dirty COW to escalate privileges, but after checking the kernel (bbrplus), I realized it’s the same kernel as my local machine. Then I remembered that this vulnerability environment was set up using Docker, which shares a kernel. So, there’s no way to exploit it further.

For such a straightforward vulnerability, the fix is to enable authentication so that unauthorized users cannot reach the interface, to implement access control policies, and to restrict which IP addresses may access the service.
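The two controls above (authentication and IP restriction) both live in Jupyter's configuration file. The following is an added example, not code from the original post or from the Jupyter project: it produces a password hash in the legacy `sha1:<salt>:<digest>` form that classic Notebook accepts, verifies such a hash, renders a hardened `jupyter_notebook_config.py`, and audits an existing config for the settings that leave the server open. The audit goes slightly beyond the post by also flagging `allow_origin = '*'` and `allow_root = True`; the setting names are real Jupyter traits, while the audit messages and function names are this example's own.

```python
"""Added example (not from the original post or the Jupyter project):
generate/verify a legacy Jupyter password hash, render a hardened config,
and audit a config file text for settings that leave the server exposed."""
import ast
import hashlib
import re
import secrets

# Accepts the legacy "algo:salt:hexdigest" form and argon2 hashes ("$argon2...").
PASSWORD_HASH_RE = re.compile(r"^(sha1|sha256|sha512):[0-9a-f]+:[0-9a-f]+$|^\$argon2")

# Matches assignments like: c.NotebookApp.ip = '0.0.0.0'   (commented-out lines do not match)
SETTING_RE = re.compile(r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*$", re.MULTILINE)


def hash_password(passphrase, salt=None):
    """Legacy classic-Notebook scheme: sha1(passphrase + salt), salt = 12 hex chars."""
    if salt is None:
        salt = secrets.token_hex(6)
    digest = hashlib.sha1(passphrase.encode("utf-8") + salt.encode("ascii")).hexdigest()
    return f"sha1:{salt}:{digest}"


def check_password(stored, passphrase):
    """Constant-time verification of a stored 'algo:salt:digest' value."""
    try:
        algorithm, salt, digest = stored.split(":", 2)
        h = hashlib.new(algorithm)
    except ValueError:  # malformed value or unknown algorithm
        return False
    h.update(passphrase.encode("utf-8") + salt.encode("ascii"))
    return secrets.compare_digest(h.hexdigest(), digest)


def hardened_config(password_hash, ip="127.0.0.1"):
    """Render a jupyter_notebook_config.py that requires a password and binds locally."""
    return "\n".join([
        "c = get_config()  # provided by Jupyter when it loads this file",
        f"c.NotebookApp.ip = {ip!r}",
        f"c.NotebookApp.password = {password_hash!r}",
        "# the password replaces the URL token, so the token is switched off",
        "c.NotebookApp.token = ''",
        "c.NotebookApp.open_browser = False",
        "",
    ])


def parse_settings(config_text):
    """Collect c.NotebookApp.* / c.ServerApp.* assignments into a dict of Python values."""
    settings = {}
    for key, raw in SETTING_RE.findall(config_text):
        try:
            settings[key] = ast.literal_eval(raw)
        except (ValueError, SyntaxError):
            settings[key] = raw  # keep non-literal expressions as text
    return settings


def audit_config(config_text):
    """Return human-readable findings; an empty list means no weak setting was seen."""
    s = parse_settings(config_text)
    findings = []
    password = s.get("password", "")
    token = s.get("token")  # None = not set; Jupyter then generates a random token
    if not password and token == "":
        findings.append("no authentication: password unset and token disabled")
    elif password and not PASSWORD_HASH_RE.match(str(password)):
        findings.append("password is stored in plaintext, not as a hash")
    ip = s.get("ip", "localhost")
    if ip in ("", "0.0.0.0", "*", "::"):
        findings.append(f"listens on all interfaces (ip={ip!r}); bind to localhost or a firewalled address")
    if s.get("allow_origin") == "*":
        findings.append("allow_origin '*' lets any website drive the server through the browser")
    if s.get("allow_root") is True:
        findings.append("allow_root=True: a compromised kernel or terminal runs as root")
    return findings


if __name__ == "__main__":
    # Constructed sample resembling the vulnerable setup: token disabled, bound to all interfaces.
    weak = "c.NotebookApp.ip = '0.0.0.0'\nc.NotebookApp.token = ''\n"
    for finding in audit_config(weak):
        print("WEAK:", finding)
    print(hardened_config(hash_password("change-me")))
```

Run the script to see the findings for the constructed weak configuration followed by a hardened file you can drop into `~/.jupyter/`; the IP restriction here is the listening address, and a host firewall or reverse proxy in front of the server is still the place to enforce which clients may connect.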

Summary: This is the simplest vulnerability I’ve ever reproduced, hands down.