CVE-2024-34693 PoC — Apache Superset: Server arbitrary file read

Associated Vulnerability
Title: Apache Superset: Server arbitrary file read (CVE-2024-34693)
Description: Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0. Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.
Readme
# CVE-2024-34693 Exploit

This repository contains a sophisticated Python script to exploit the CVE-2024-34693 vulnerability in Apache Superset. The script sets up a rogue MySQL server and creates a malicious MariaDB connection to exfiltrate the content of a specified file from the target system.

![[Screenshot_1.png]](https://raw.githubusercontent.com/Mr-r00t11/CVE-2024-34693/main/img/Screenshot_1.png)

## Description

`CVE-2024-34693` lets an authenticated attacker who can create arbitrary database connections perform `LOAD DATA LOCAL INFILE` attacks, which read arbitrary files on the target system.
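
A defensive check for the condition described above, as an added example (not code from this repository or from Apache Superset): it scans stored connection definitions for MySQL/MariaDB connections that turn on `local_infile`. The function name, the constructed sample rows, and the assumption that driver options arrive through the URI query string or under `engine_params.connect_args` in the connection's extra JSON are illustrative.

```python
import json
from urllib.parse import urlsplit, parse_qsl

MYSQL_FAMILY = {"mysql", "mariadb"}
TRUTHY = {"1", "true", "yes", "on"}


def _enabled(value):
    """True for 1/true/yes/on in any case, whether str, int or bool."""
    return str(value).strip().lower() in TRUTHY


def audit_connection(sqlalchemy_uri, extra_json="{}"):
    """Return findings for one stored connection (empty list = nothing flagged)."""
    parts = urlsplit(sqlalchemy_uri)
    dialect = parts.scheme.split("+", 1)[0]  # "mysql+pymysql" -> "mysql"
    if dialect not in MYSQL_FAMILY:
        return []
    findings = []
    # Driver options can ride in the URI query string.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if "local_infile" in key.lower() and _enabled(value):
            findings.append(f"uri query: {key}={value}")
    # Assumption: options may also sit under engine_params.connect_args
    # in the connection's extra JSON.
    try:
        extra = json.loads(extra_json or "{}")
        connect_args = extra.get("engine_params", {}).get("connect_args", {})
        pairs = list(connect_args.items())
    except (ValueError, AttributeError):
        findings.append("extra: unparseable, connect_args not verified")
        pairs = []
    for key, value in pairs:
        if "local_infile" in str(key).lower() and _enabled(value):
            findings.append(f"extra connect_args: {key}={value}")
    return findings


# Constructed sample rows (uri, extra); hosts and credentials are placeholders.
SAMPLES = [
    ("mysql+pymysql://app:pw@db.example.internal:3306/sales", "{}"),
    ("mariadb://app:pw@db.example.internal/sales?local_infile=1", "{}"),
    ("mysql://app:pw@db.example.internal/sales",
     '{"engine_params": {"connect_args": {"local_infile": true}}}'),
    ("postgresql://app:pw@pg.example.internal/sales", "{}"),
]

if __name__ == "__main__":
    for uri, extra in SAMPLES:
        print(urlsplit(uri).hostname, audit_connection(uri, extra) or "ok")
```

A finding here is a reason to review the connection and who created it; upgrading to 3.1.3 or 4.0.1, as the advisory recommends, remains the fix.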

## Features

- **Automated Setup**: Sets up a rogue MySQL server using Bettercap.
- **Malicious Connection**: Creates a malicious MariaDB connection to exfiltrate files.
- **Improved Logging**: Provides detailed logging for better tracking and debugging.
- **Error Handling**: Graceful error handling and meaningful error messages.

## Prerequisites

- Python 3.x
- Bettercap
- Docker and Docker Compose (for setting up the Apache Superset environment)

## Installation

1. Clone the repository:

```sh
git clone https://github.com/Mr-r00t11/CVE-2024-34693-exploit.git
cd CVE-2024-34693-exploit
```

2. Run the exploit script with appropriate arguments:

```sh
python3 exploit_cve_2024_34693.py http://localhost:8088 /etc/passwd
```

Replace `http://localhost:8088` with the URL of your Apache Superset instance and `/etc/passwd` with the path of the file you wish to exfiltrate.

File Snapshot

```
[4.0K] /data/pocs/5ee2c9a5d2f230b8810b663ddffd195f747e77cd
├── [3.0K] exploit_cve_2024_34693.py
├── [4.0K] img
│   └── [ 68K] Screenshot_1.png
└── [1.5K] README.md

1 directory, 3 files
```