exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from Alberto Favero

First Active2021-11-05
Last Active2021-11-05
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor (/pentaho/api/repos/dashboards/editor) in order to test the connection by executing a test SQL query. However, further examination revealed that by utilizing CVE-2021-31602, an authentication bypass of Spring APIs, it is possible for an unauthenticated user to execute arbitrary SQL queries on any Pentaho datasource and thus retrieve data from the related databases.

tags | exploit, web, arbitrary, sql injection
advisories | CVE-2021-31602, CVE-2021-34684
MD5 | 5e8173dd078f8622035191e7d9240582
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and /pentaho/ServiceAction?action=SecurityDetails endpoints are not enforcing sufficient access controls. Specifically, an authenticated user can list all application usernames present in the Jackrabbit Repository.

tags | exploit, web, protocol
advisories | CVE-2021-31600
MD5 | 4473d7f48fb807803a782756210b0a90
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho Business Analytics and Pentaho Business Server versions 9.1 and below suffer from an authentication bypass vulnerability related to Spring APIs.

tags | exploit, bypass
advisories | CVE-2021-31602
MD5 | e08ceb6b58e2ba39a5cf64fc20b8dc52
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege authenticated users to list the connection details of all data sources used by Pentaho.

tags | exploit, web, protocol
advisories | CVE-2021-31601
MD5 | b368e9894d3bc21979cce3e222a5a5fd
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat, txt, tar, zip, tgz, gz, gzip. When uploading a file with an extension other than the allowed file types, the application responds with the error message of UploadFileServlet.ERROR_0011 - File type not allowed. Allowable types are csv,dat,txt,tar,zip,tgz,gz,gzip. However, the file extension check can be bypassed by including a single dot "." at the end of the filename.

tags | exploit, bypass
advisories | CVE-2021-34685
MD5 | 5c9523af1f94516a0e1bacbfad53f0b1
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to create and run Pentaho Report Bundles (.prpt). Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the execution of arbitrary Java code when Pentaho PRPT Reports are run by Pentaho Business Analytics. This functionality allows any user with sufficient privileges to upload or edit an existing Pentaho Report Bundle (through Pentaho Designer) and execute arbitrary code in the context of the Pentaho application user running on the web server.

tags | exploit, java, web, arbitrary
advisories | CVE-2021-31599
MD5 | 1bb4b7a83770da28b3b5d817f1dc5e99
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close