0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution Vulnerabilit
Author
Risk
[
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities # Exploit Author: RedTimmy Security # Authors blog: https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ # Vendor Homepage: https://www.microstrategy.com/ # Version(s): 10.4 and possibly above # CVE: CVE-2020-11450, CVE-2020-11451, CVE-2020-11452, CVE-2020-11453, CVE-2020-11454 Early last autumn we have conducted an assessment on MicroStrategy Intellitence Server & Web 10.4, that brought to the discovery of six different vulnerabilities and recently to the registration of a total of five CVE(s). CVE-2020-11450 - Information Disclosure in Axis2 Happiness Page Microstrategy Web 10.4 and possibly above exposes JVM configuration, CPU architecture, installation folder and other info through the URL “/MicroStrategyWS/happyaxis.jsp”. An attacker could use this vulnerability to learn more about the environment the application is running in. CVE-2020-11453 - Server-Side Request Forgery in Test Web Service Microstrategy Web 10.4 and possibly above is vulnerable to Server-Side Request Forgery in the “Test Web Service” functionality exposed through the path “/MicroStrategyWS/”. The functionality requires no authentication and, while it is not possible to pass arbitrary schemes and parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). CVE-2020-11452- Server Side Request Forgery in adding external data Microstrategy Web 10.4 and possibly above includes a functionality to allow users to import files or data from external resources such as URLs or databases in order to parse contents for dashboard creation. By providing an external URL under attacker control it’s possible to send requests to external resources or leak files from the local system using the “file://” stream wrapper. CVE-2020-11451 - Remote Code Execution in Upload Visualization Plugin The “Upload Visualization” plugin in the Microstrategy admin panel (version 10.4 and above) allows an administrator to upload a zip archive containing files with arbitrary extensions and data. Access to admin panel could be reached through SSRF (for example via CVE-2020-11452). CVE-2020-11454 - Stored Cross-Site Scripting in the Dashboard Microstrategy Web 10.4 and possibly above is vulnerable to Stored Cross-Site Scripting in the “HTML Container” and “Insert Text” functionalities in the window allowing for the creation of a new dashboard. In order to exploit this vulnerability an user need to have access to a shared dashboard or the ability to create a dashboard on the application. # 0day.today [2024-12-24] #