Exploit for MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution CVE-2020-11452 CVE-2020-11454 CVE-2020-11450 CVE-2020-11453 CVE-2020-11451

Name: Exploit for MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution CVE-2020-11452 CVE-2020-11454 CVE-2020-11450 CVE-2020-11453 CVE-2020-11451
Rating: 5 (149 reviews)

2020-04-02 | CVSS 0.2

## https://sploitus.com/exploit?id=PACKETSTORM:157068
# Exploit Title: MicroStrategy Intelligence Server and Web 10.4 -   
multiple vulnerabilities  
# Exploit Author: RedTimmy Security  
# Authors blog:   
https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/  
# Vendor Homepage: https://www.microstrategy.com/  
# Version(s): 10.4 and possibly above  
# CVE: CVE-2020-11450, CVE-2020-11451, CVE-2020-11452, CVE-2020-11453,   
CVE-2020-11454  
  
Early last autumn we have conducted an assessment on MicroStrategy   
Intellitence Server & Web 10.4, that brought to the discovery of six   
different vulnerabilities and recently to the registration of a total of   
five CVE(s).  
  
CVE-2020-11450 - Information Disclosure in Axis2 Happiness Page  
Microstrategy Web 10.4 and possibly above exposes JVM configuration, CPU   
architecture, installation folder and other info through the URL   
“/MicroStrategyWS/happyaxis.jsp”. An attacker could use this   
vulnerability to learn more about the environment the application is   
running in.  
  
CVE-2020-11453 - Server-Side Request Forgery in Test Web Service  
Microstrategy Web 10.4 and possibly above is vulnerable to Server-Side   
Request Forgery in the “Test Web Service” functionality exposed through   
the path “/MicroStrategyWS/”. The functionality requires no   
authentication and, while it is not possible to pass arbitrary schemes   
and parameters in the SSRF request, it is still possible to exploit it   
to conduct port scanning. An attacker could exploit this vulnerability   
to enumerate the resources allocated in the network (IP addresses and   
services exposed).  
  
CVE-2020-11452- Server Side Request Forgery in adding external data  
Microstrategy Web 10.4 and possibly above includes a functionality to   
allow users to import files or data from external resources such as URLs   
or databases in order to parse contents for dashboard creation. By   
providing an external URL under attacker control it’s possible to send   
requests to external resources or leak files from the local system using   
the “file://” stream wrapper.  
  
CVE-2020-11451 - Remote Code Execution in Upload Visualization Plugin  
The “Upload Visualization” plugin in the Microstrategy admin panel   
(version 10.4 and above) allows an administrator to upload a zip  
archive containing files with arbitrary extensions and data. Access to   
admin panel could be reached through SSRF (for example via   
CVE-2020-11452).  
  
CVE-2020-11454 - Stored Cross-Site Scripting in the Dashboard  
Microstrategy Web 10.4 and possibly above is vulnerable to Stored   
Cross-Site Scripting in the “HTML Container” and “Insert Text”  
functionalities in the window allowing for the creation of a new   
dashboard. In order to exploit this vulnerability an user need to have   
access to a shared dashboard or the ability to create a dashboard on the   
application.  
  
More details and full story here:  
https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/