Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery

• Exploit Database
• 17 阅读

• 作者： Alexandre Basquin
  日期： 2019-05-10
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/46820/

• # Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
  # Date: 2/26/2019
  # Exploit Author: Alexandre Basquin
  # Vendor Homepage: https://blog.thehive-project.org
  # Software Link: https://github.com/TheHive-Project/Cortex
  # Version: Cortex <= 2.1.3
  # Tested on: 2.1.3
  # CVE : CVE-2019-7652
  
  # Exploit description
  
  The "UnshortenLink_1_0" analyzer used by Cortex contains an SSRF vulnerability 
  
  
  POC:
  
  1. Create a new analysis
  
  2. Select Data Type "URL"
  
  3. Put your SSRF payload in the Data parameter (e.g. "http://127.0.0.1:22")
  
  4. Result can be seen in the main dashboard.
  
  
  Reported to TheHive Project by Alexandre Basquin on 1/24/2019
  
  The issue has been fixed in UnshortenLink 1.1 released within Cortex-analyzers 1.15.2
  
  References:
  
  UnshortenLink, SSRF and Cortex-Analyzers 1.15.2