Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 17 Feb 2016 10:30:32 +0100
From: Florent Daigniere <florent.daigniere@...stmatta.com>
To: oss-security@...ts.openwall.com, sandeepk.l337@...il.com
Cc: cve-assign@...re.org
Subject: Re: Re: Umbraco - The open source ASP.NET CMS
 Multiple Vulnerabilities

On Tue, 2016-02-16 at 17:23 -0500, cve-assign@...re.org wrote:
> > http://issues.umbraco.org/issue/U4-7457
> > SSRF
> 
> > the feedproxy.aspx is used to access the external resources using
> > the URL GET parameter.
> 
> > http://local/Umbraco/feedproxy.aspx?url=http://bobsite/index
> > 
> > once you change the URL to the
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, 
> > you able
> > to access the localhost application of the server.
> > 
> > Using this payload change the port number to perform port scanning
> > of the
> > server. It will be helpful to find the more details of the server.
> > For example:
> > 
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:25/index
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:8080/index
> > 
> > If the port number is closed, you will find the error message on
> > the
> > feedproxy.aspx page.
> 
> Use CVE-2015-8813.
> 

How different is it from CVE-2012-1301 ? Have they re-introduced it?

Florent
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ