Jedox 2022.4.2 – Disclosure of Database Credentials via Connection Checks

• Exploit Database
• 13 阅读

• 作者： Team Syslifters
  日期： 2023-05-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51429/

• # Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
  # Date: 28/04/2023
  # Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
  # Vendor Homepage: https://jedox.com
  # Version: Jedox 2022.4 (22.4.2) and older
  # CVE : CVE-2022-47880
  
  
  Introduction
  =================
  An information disclosure vulnerability in `/be/rpc.php` allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the `test connection` function. To exploit the vulnerability, the attacker must set the host of the database connection to a server under his control.
  
  
  Write-Up
  =================
  See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
  
  
  Proof of Concept
  =================
  1) The host part of a database connection can be changed in the connections details in the UI. Set the Host to a server that you control.
  
  2) Test the database connection.
  
  3) The webserver initiates a connection to the server that you control. Use wireshark to capture network traffic and to ultimately extract the database credentials.