3
[webapps] Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Che...
source link: https://www.exploit-db.com/exploits/51429
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
# Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47880
Introduction
=================
An information disclosure vulnerability in `/be/rpc.php` allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the `test connection` function. To exploit the vulnerability, the attacker must set the host of the database connection to a server under his control.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) The host part of a database connection can be changed in the connections details in the UI. Set the Host to a server that you control.
2) Test the database connection.
3) The webserver initiates a connection to the server that you control. Use wireshark to capture network traffic and to ultimately extract the database credentials.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK