[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Vulnerability

Author
Team Syslifters
Risk
[
Security Risk High
]
0day-ID
0day-ID-38665
Category
web applications
Date add
05-05-2023
CVE
CVE-2022-47880
Platform
php
# Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47880


Introduction
=================
An information disclosure vulnerability in `/be/rpc.php` allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the `test connection` function. To exploit the vulnerability, the attacker must set the host of the database connection to a server under his control.


Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.


Proof of Concept
=================
1) The host part of a database connection can be changed in the connections details in the UI. Set the Host to a server that you control.

2) Test the database connection.

3) The webserver initiates a connection to the server that you control. Use wireshark to capture network traffic and to ultimately extract the database credentials.

#  0day.today [2024-12-25]  #