CVE-2019-19033 PoC - Jalios JCMS Authorization Issue Vulnerability

Source
Associated Vulnerability
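Title: Jalios JCMS Authorization Issue Vulnerability (CVE-2019-19033)
Description: Jalios JCMS is an enterprise integrated information management solution from the French company Jalios. The product includes an enterprise social network, social learning, document management and a content management system. A security vulnerability exists in Jalios JCMS version 10. An attacker can use a backdoor account to exploit this vulnerability and access any part of the website and the WebDAV server with administrative privileges.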
Description
CVE-2019-19033 description and scripts to check the vulnerability in Jalios JCMS 10 (Authentication Bypass)
Readme
# CVE-2019-19033: Jalios JCMS 10 Backdoor Account / Authentication Bypass

I. VULNERABILITY
-------------------------
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.


II. CVE REFERENCE
-------------------------
CVE-2019-19033


III. VENDOR
-------------------------
Jalios (https://www.jalios.com/jcms/j_6/en/home)


IV. TIMELINE
-------------------------
08/11/19 - Vulnerability discovered

09/11/19 - Vendor contacted

14/11/19 - Vendor fixes the vulnerability


V. DESCRIPTION
-------------------------
The "webdav" folder uses HTTP authentication, which can be bypassed using the backdoor account. This gives access to the website as the administrator, making it possible to create more administrator users, change the password of any user, delete users, create groups, and download the list of all users (with email addresses, phone numbers, full names ...). It is also possible to upload or overwrite any file on the WebDAV server. The "webdav" folder is located by default in the root of the website. The issue is caused by a vulnerable version of the "DevTools" plugin, which is installed by default.


VI. IMPACT
-------------------------

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


VII. SOLUTION
-------------------------
Possible solutions:
- Disable the DevToolsAuthenticationHandler
- Disable or uninstall the DevTools plugin
- Upgrade DevTools plugin to version 7.1 or 8.1
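
Because the backdoor described in section V accepts any username, one way to review exposure from before the fix is to look for successful WebDAV requests authenticated under usernames that are not real accounts. The following is an added example, not one of the repository's scripts; it assumes an access log in combined format whose user field records the HTTP-auth username, and the log lines, addresses and account names are constructed.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample data (assumption): real accounts and a few log lines.
KNOWN_USERS = {"admin", "alice"}
SAMPLE_LOG = """\
192.0.2.10 - alice [14/Nov/2019:10:00:01 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1204
198.51.100.7 - qwerty [14/Nov/2019:10:02:13 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1204
198.51.100.7 - zzz123 [14/Nov/2019:10:02:40 +0000] "PUT /webdav/a.txt HTTP/1.1" 201 0
203.0.113.5 - mallory [14/Nov/2019:10:03:00 +0000] "PROPFIND /webdav/ HTTP/1.1" 401 381
192.0.2.10 - - [14/Nov/2019:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

def suspicious_webdav_logins(lines, known_users, prefix="/webdav"):
    """Return {ip: sorted usernames} for successful authenticated requests
    under `prefix` whose username is not in `known_users`."""
    known = {u.lower() for u in known_users}
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        user, status = m["user"], int(m["status"])
        path = m["path"].split("?", 1)[0]
        if user == "-":
            continue  # no credentials were sent
        if path != prefix and not path.startswith(prefix + "/"):
            continue  # outside the WebDAV folder
        if not 200 <= status < 300:
            continue  # 401/403: the credentials were rejected
        if user.lower() not in known:
            hits[m["ip"]].add(user)  # accepted login for a non-existent account
    return {ip: sorted(users) for ip, users in hits.items()}

if __name__ == "__main__":
    found = suspicious_webdav_logins(SAMPLE_LOG.splitlines(), KNOWN_USERS)
    for ip, users in found.items():
        print(f"{ip}: accepted WebDAV auth for unknown users {users}")
```

A backdoor login made under an existing username looks like a normal login in this check, so an empty result does not rule out use of the backdoor.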


VIII. REFERENCES
-------------------------
- CVE page: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19033

- NIST page: https://nvd.nist.gov/vuln/detail/CVE-2019-19033

- Public disclosure: https://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html

- Jalios public issue: https://issues.jalios.com/browse/DTP-58

File Snapshot

[4.0K] /data/pocs/687ec70d624595310470248c0438f7ffa2ee0a64
├── [ 568] CVE-2019-19033-checker.py
├── [1.6K] CVE-2019-19033-shodan-search.py
└── [1.8K] README.md

0 directories, 3 files