945107caf5
10 changes to exploits/shellcodes SpotMSN 2.4.6 - Denial of Service (PoC) DNSS 2.1.8 - Denial of Service (PoC) Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery SOCA Access Control System 180612 - Information Disclosure SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin) XOOPS 2.5.9 - SQL Injection OpenProject 5.0.0 - 8.3.1 - SQL Injection Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
32 lines
No EOL
890 B
Text
32 lines
No EOL
890 B
Text
# Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
|
|
# Date: 2/26/2019
|
|
# Exploit Author: Alexandre Basquin
|
|
# Vendor Homepage: https://blog.thehive-project.org
|
|
# Software Link: https://github.com/TheHive-Project/Cortex
|
|
# Version: Cortex <= 2.1.3
|
|
# Tested on: 2.1.3
|
|
# CVE : CVE-2019-7652
|
|
|
|
# Exploit description
|
|
|
|
The "UnshortenLink_1_0" analyzer used by Cortex contains an SSRF vulnerability
|
|
|
|
|
|
POC:
|
|
|
|
1. Create a new analysis
|
|
|
|
2. Select Data Type "URL"
|
|
|
|
3. Put your SSRF payload in the Data parameter (e.g. "http://127.0.0.1:22")
|
|
|
|
4. Result can be seen in the main dashboard.
|
|
|
|
|
|
Reported to TheHive Project by Alexandre Basquin on 1/24/2019
|
|
|
|
The issue has been fixed in UnshortenLink 1.1 released within Cortex-analyzers 1.15.2
|
|
|
|
References:
|
|
|
|
https://blog.thehive-project.org/2019/02/11/unshortenlink-ssrf-and-cortex-analyzers-1-15-2/ |