6
[webapps] Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
source link: https://www.exploit-db.com/exploits/51424
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
# Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47875
Introduction
=================
A Directory Traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code. To exploit the vulnerability, the attacker must have the permissions to upload files.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) This vulnerability can be exploited by first uploading a file using one of the existing file upload mechanisms (e.g. Import in Designer). When uploading a file, the web application returns the file system path in the JSON body of the HTTP response (look for `fspath`).
2) Upload a PHP file and note the file system path (`fspath`)
3) Get RCE via Directory Traversal
PATH: /be/erpc.php?c=../../../../../fspath/of/uploaded/file/rce.php
METHOD: POST
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK