Lucene search
Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron MolnarPACKETSTORM:172157HistoryMay 05, 2023 - 12:00 a.m.
Jedox 2022.4.2 Database Credential Disclosure
2023-05-0500:00:00
Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar
packetstormsecurity.com
174
jedox 2022.4.2
database credential
disclosure
connection checks
cve-2022-47880
remote authenticated users
modify
test connection
information disclosure
vulnerability
server control
wireshark
0.004 Low
EPSS
Percentile
73.6%
`# Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
# Date: 28/04/2023
# Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL
# Vendor Homepage: https://jedox.com
# Version: Jedox 2022.4 (22.4.2) and older
# CVE : CVE-2022-47880
Introduction
=================
An information disclosure vulnerability in `/be/rpc.php` allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the `test connection` function. To exploit the vulnerability, the attacker must set the host of the database connection to a server under his control.
Write-Up
=================
See [Docs Syslifters](https://docs.syslifters.com/) for a detailed write-up on how to exploit vulnerability.
Proof of Concept
=================
1) The host part of a database connection can be changed in the connections details in the UI. Set the Host to a server that you control.
2) Test the database connection.
3) The webserver initiates a connection to the server that you control. Use wireshark to capture network traffic and to ultimately extract the database credentials.
`
Related
cvelist
cvelist
CVE-2022-47880
2023-05-12 00:00:00
prion
prion
Information disclosure
2023-05-12 14:15:00
nvd
nvd
CVE-2022-47880
2023-05-12 14:15:09
cve
cve
CVE-2022-47880
2023-05-12 14:15:09
zdt
zdt
exploitdb
exploitdb
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
2023-05-05 00:00:00