bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51429.txt
Exploit-DB 8945b320b5 DB: 2023-05-06 
20 changes to exploits/shellcodes/ghdb

Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution

Cmaps v8.0 - SQL injection

EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)

File Thingie 2.5.7 - Remote Code Execution (RCE)

Intern Record System v1.0 - SQL Injection (Unauthenticated)
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Jedox 2022.4.2 - Code Execution via RPC Interfaces
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal

KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)

Online Pizza Ordering System v1.0 - Unauthenticated File Upload

pluck v4.7.18 - Stored Cross-Site Scripting (XSS)

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)

Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
2023-05-06 00:16:26 +00:00

25 lines
No EOL
1.2 KiB
Text
Raw Blame History

# Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47880
Introduction
=================
An information disclosure vulnerability in `/be/rpc.php` allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the `test connection` function. To exploit the vulnerability, the attacker must set the host of the database connection to a server under his control.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) The host part of a database connection can be changed in the connections details in the UI. Set the Host to a server that you control.
2) Test the database connection.
3) The webserver initiates a connection to the server that you control. Use wireshark to capture network traffic and to ultimately extract the database credentials.
Reference in a new issue View git blame Copy permalink