Intro:

Back on Feb 1, 2020 at 5:53PM, I reported a critical vulnerability that gave me remote code execution (RCE) on StrongKey. For those who don’t know, StrongAuth, or StrongKey, is a security-based company that “makes data breach irrelevant, with StrongKey technology, your data becomes worthless to hackers”, as stated on their website!

About the company, by CyberDb:


StrongAuth, Inc. is a Silicon Valley company focused on Symmetric Key Management, Encryption, Tokenization and PKI and FIDO-based Strong-Authentication. StrongAuth has defined a unique web-application architecture – Regulatory Compliant Cloud Computing (RC3) – which enables secure cloud-computing while complying with data-security regulations anywhere in the world.

Enough speaking!

Spotting the vulnerability:

As usual, I was conducting my research and, I don’t know how, the StrongAuth web app ended up in my browser; I clicked around and found myself on a partner subdomain. With a quick look at the URL, I recognized the .action extension and went directly to test for the Struts CVE-2017-563, as I had already seen that pattern in some reading I did before.

Exploitation:

I grabbed the public exploit 41570 and did a quick check, and okay, I was in!

Here is my PoC:

[Image: RCE]

Notes:

  • Keep your eyes on recent CVEs, reverse them if no public exploit exists, and always keep a good reading habit.
  • No matter the company’s size, there will always be some flaws here and there.
  • Even if the company’s main mission is protection, they missed patching the bug before. And breaches come from here!