Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery

• Exploit Database
• 112 阅读

• 作者： Alexandre Basquin
  日期： 2019-05-10
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/46820/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

  # Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery # Date: 2/26/2019 # Exploit Author: Alexandre Basquin # Vendor Homepage: https://blog.thehive-project.org # Software Link: https://github.com/TheHive-Project/Cortex # Version: Cortex <= 2.1.3 # Tested on: 2.1.3 # CVE : CVE-2019-7652   # Exploit description   The "UnshortenLink_1_0" analyzer used by Cortex contains an SSRF vulnerability     POC:   1. Create a new analysis   2. Select Data Type "URL"   3. Put your SSRF payload in the Data parameter (e.g. "http://127.0.0.1:22")   4. Result can be seen in the main dashboard.     Reported to TheHive Project by Alexandre Basquin on 1/24/2019   The issue has been fixed in UnshortenLink 1.1 released within Cortex-analyzers 1.15.2   References:   <blockquote class="wp-embedded-content" data-secret="SxEzRvsEUy"><a href="https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/" target="_blank"rel="external nofollow" class="external" >UnshortenLink, SSRF and Cortex-Analyzers 1.15.2</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“UnshortenLink, SSRF and Cortex-Analyzers 1.15.2” — TheHive Project" src="https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/embed/#?secret=Law8jtzbFl#?secret=SxEzRvsEUy" data-secret="SxEzRvsEUy" frameborder="0" marginmarginscrolling="no"></iframe>