AI PRP: clickhouse exposed API with weak/default credentials

[lanced00m]

one of the main use cases of Clickhouse is in Machine Learning & GenAI. the default username and password exist for clickhouse especially when you set it up with docker containers.

docker hub: https://hub.docker.com/r/clickhouse/clickhouse-server/ documentation: https://clickhouse.com/docs/en/install#from-docker-image GitHub repository: https://github.com/ClickHouse/ClickHouse

Also, there is a simple UI that is part of the main API:

[maoning]

@lanced00m does the clickhouse API supports arbitrary command execution or just SQL cmds?

[lanced00m]

@maoning I didn't find a way to execute an OS command with the help of SQL cmds. but it is still a critical bug.

[hayageek]

Hi @tooryx , I have explored the ClickHouse API and identified several operations that can be performed if ClickHouse is exposed:

1. Database Operations: You can execute various database operations, including creating, reading, updating, and deleting data.
2. File Operations: You can read files from /var/lib/clickhouse/user_files/ and write files to this directory.
3. Executing Python Scripts: You can run Python scripts located in /var/lib/clickhouse/user_scripts/.
4. HTTP Requests: ClickHouse can perform HTTP/HTTPS requests, including calling external services such as Tsunami Callback URL.
5. Server-Side Request Forgery (SSRF): ClickHouse can perform SSRF attacks using protocols such as HTTP, MySQL, MongoDB, Redis, and S3.

Please let me know, if you want me to implement the plugin with Callback URL

[tooryx]

Hi @hayageek,

Is it possible to combine 2 and 3 to reach remote code execution?

~tooryx

[hayageek]

@tooryx , Options 2 and 3 utilize different directories: /var/lib/clickhouse/user_files/and /var/lib/clickhouse/user_scripts/. There is no direct API available to write to the user_scriptsdirectory. Remote Code Execution (RCE) can potentially be performed using files in the user_scripts directory, but ClickHouse does not allow writing to this directory unless a configuration change is made in the /etc/clickhouse-server/config.xml file.

[hayageek]

@tooryx provide your inputs.

[tooryx]

I will discuss this with the rest of the team, but given that it does not lead to RCE I am not sure if we are going to go forward. I will keep you informed.

~tooryx

[tooryx]

This issue is not a priority for us for now. Thank you for your hard work though!

~tooryx

[lanced00m]

@tooryx Hello, I want to write a weak credential tester plugin, I see that usually, we don't have to check for out-of-band with command execution to implement a weak credential tester plugin. could you let me write a plugin without the need for command execution? I think you make the command execution mandatory for exposed APIs, not for weak credential tester plugins.

[tooryx]

Hi @lanced00m,

It is not that this is required, it is just that for us this reduce the priority of this one. You would probably be able to work on it, but it's not the top priority. Let's clear your queue first.

~tooryx