Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 17 Feb 2016 10:30:32 +0100
From: Florent Daigniere <florent.daigniere@...stmatta.com>
To: oss-security@...ts.openwall.com, sandeepk.l337@...il.com
Cc: cve-assign@...re.org
Subject: Re: Re: Umbraco - The open source ASP.NET CMS
 Multiple Vulnerabilities

On Tue, 2016-02-16 at 17:23 -0500, cve-assign@...re.org wrote:
> > http://issues.umbraco.org/issue/U4-7457
> > SSRF
> 
> > the feedproxy.aspx is used to access the external resources using
> > the URL GET parameter.
> 
> > http://local/Umbraco/feedproxy.aspx?url=http://bobsite/index
> > 
> > once you change the URL to the
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, 
> > you able
> > to access the localhost application of the server.
> > 
> > Using this payload change the port number to perform port scanning
> > of the
> > server. It will be helpful to find the more details of the server.
> > For example:
> > 
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:25/index
> > http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:8080/index
> > 
> > If the port number is closed, you will find the error message on
> > the
> > feedproxy.aspx page.
> 
> Use CVE-2015-8813.
> 

How different is it from CVE-2012-1301 ? Have they re-introduced it?

Florent
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.