WRITEUP #1329

Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server

RCE, SSTI, Authorization bypass, Groovy scripting
by Harry Withington
Program: Hitachi Vantara (Pentaho)
Published: Apr 4, 2023
Added to HackDex: Apr 6, 2023
Read Full Writeup: https://research.aurainfosec.io/pentest/pentah0wnage/
RELATED WRITEUPS
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
RCE, SSTI
3 ways to get Remote Code Execution in Kafka UI
RCE, Insecure deserialization
Chaining Three Bugs to Access All Your ServiceNow Data
RCE, SSTI
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
RCE, Dependency confusion

Built with ❤️ by Shubham Rawat