exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Altion Malka

First Active2021-11-05
Last Active2021-11-05
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor (/pentaho/api/repos/dashboards/editor) in order to test the connection by executing a test SQL query. However, further examination revealed that by utilizing CVE-2021-31602, an authentication bypass of Spring APIs, it is possible for an unauthenticated user to execute arbitrary SQL queries on any Pentaho datasource and thus retrieve data from the related databases.

tags | exploit, web, arbitrary, sql injection
advisories | CVE-2021-31602, CVE-2021-34684
SHA-256 | aafd5de6352edfc97e93496f171ced94b49f52a6817c483a7aec6ee26649a0e9
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and /pentaho/ServiceAction?action=SecurityDetails endpoints are not enforcing sufficient access controls. Specifically, an authenticated user can list all application usernames present in the Jackrabbit Repository.

tags | exploit, web, protocol
advisories | CVE-2021-31600
SHA-256 | df24858a662120cb07ae1d884fbbf73c40dde32c2c707e40ade959b4c867fc35
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho Business Analytics and Pentaho Business Server versions 9.1 and below suffer from an authentication bypass vulnerability related to Spring APIs.

tags | exploit, bypass
advisories | CVE-2021-31602
SHA-256 | 7f8a25e1b9943928e3d57e11e94b4b22917396971502415544f387e2340268c3
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege authenticated users to list the connection details of all data sources used by Pentaho.

tags | exploit, web, protocol
advisories | CVE-2021-31601
SHA-256 | 4aaf1b95b9800f81d2e66519aadddc6609e2f04e00314708ec9fc5479517ea37
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat, txt, tar, zip, tgz, gz, gzip. When uploading a file with an extension other than the allowed file types, the application responds with the error message of UploadFileServlet.ERROR_0011 - File type not allowed. Allowable types are csv,dat,txt,tar,zip,tgz,gz,gzip. However, the file extension check can be bypassed by including a single dot "." at the end of the filename.

tags | exploit, bypass
advisories | CVE-2021-34685
SHA-256 | 88d6bd09be7fc284d1910e9a75bbeb0651c9da3a240f985ed3f97efbddeb9345
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to create and run Pentaho Report Bundles (.prpt). Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the execution of arbitrary Java code when Pentaho PRPT Reports are run by Pentaho Business Analytics. This functionality allows any user with sufficient privileges to upload or edit an existing Pentaho Report Bundle (through Pentaho Designer) and execute arbitrary code in the context of the Pentaho application user running on the web server.

tags | exploit, java, web, arbitrary
advisories | CVE-2021-31599
SHA-256 | 9f8cbd9f5ed4747e5a6fd8e34452cf38b7608a4e96f8f1551a4a3068ced96949
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close