CVAT 2.0 - SSRF (Server Side Request Forgery)
🗂 Description:
CVAT is an open-source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a server-side request forgery (SSRF) vulnerability.
Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade.
⌨ Type: webapps
💻 Platform: Python
🌐 Vendor Homepage: 🌐 Github
🛡 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)
👑 CVE: CVE-2022-31188
SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response, it is possible to use SSRF Proxy as an HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
gem install ssrf_proxy
Usage (command line):
ssrf-proxy [options] -u <SSRF URL>
ssrf-proxy -u https://target/?url=xxURLxx
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
sudo pip install dnslib flask flask_cors
Usage:
sudo python httprebind.py domain.name serverIp mode
Where mode is one of: ec2, ecs, gcloud
Make sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
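The defensive counterpart to the URL validation mentioned for CVAT 2.0.0 and to the DNS-rebinding technique this tool automates, as an added example (not CVAT's or httprebind's code): a server-side fetch guard that allows only http/https, resolves the name once, rejects any non-public answer and returns the IP to connect to. The names `validate_and_pin` and `flipping_resolver`, the host `rebind.example` and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class UnsafeURL(ValueError):
    """The URL must not be fetched from the server side."""

def system_resolver(host, port):
    """Every address the OS resolver returns for host."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

def is_public(addr):
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast

def validate_and_pin(url, resolver=system_resolver):
    """Return (host, port, ip) safe to connect to, or raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):  # blocks file://, gopher://, ...
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no lookup
    except ValueError:
        addrs = list(resolver(host, port))  # resolve exactly once
    # A rebinding name can mix public and internal records: reject on any.
    bad = [a for a in addrs if not is_public(a)]
    if bad or not addrs:
        raise UnsafeURL(f"{host} maps to non-public or no address: {bad[:1]}")
    # Caller connects to this IP (Host header/SNI = host) and never
    # resolves the name again, so a later DNS answer cannot redirect it.
    return host, port, addrs[0]

def flipping_resolver(first="93.184.216.34", later="127.0.0.1"):
    """Constructed stand-in for a rebinding name: the answer changes
    between the validation lookup and any later lookup."""
    answers = iter([[first]])
    return lambda host, port: next(answers, [later])

if __name__ == "__main__":
    dns = flipping_resolver()
    print(validate_and_pin("http://rebind.example/", dns))  # pinned public IP
    print(dns("rebind.example", 80))  # a second lookup would hit loopback
```

The check only holds if the HTTP client connects to the returned IP and every redirect target is passed through the same function before it is followed.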
Top 25 server-side request forgery (SSRF) parameters
Next time you encounter such parameters in a URL, take notice, because SSRF is a critical vulnerability that may allow you to:
⚪️ Access services on the loopback interface of the remote server
⚪️ Scan the internal network and potentially interact with internal services
⚪️ Read local files on the server using the file:// protocol handler
⚪️ Move laterally / pivot into the internal environment
Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF):
?dest={target}
?redirect={target}
?uri={target}
?path={target}
?continue={target}
?url={target}
?window={target}
?next={target}
?data={target}
?reference={target}
?site={target}
?html={target}
?val={target}
?validate={target}
?domain={target}
?callback={target}
?return={target}
?page={target}
?feed={target}
?host={target}
?port={target}
?to={target}
?out={target}
?view={target}
?dir={target}
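From the defender's side, the same list can drive log review. The following is an added example, not part of the original post: it scans access-log lines for these parameter names carrying values that point at loopback or other non-public addresses, or that use a non-HTTP scheme such as file://. The log format, the function names `classify` and `scan`, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

SSRF_PARAMS = set("""dest redirect uri path continue url window next data
reference site html val validate domain callback return page feed host port
to out view dir""".split())  # parameter names from the list above
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return why a parameter value points at an internal target, or None."""
    try:
        target = urlsplit(value if "://" in value else "//" + value)
        host = target.hostname
    except ValueError:
        return "unparseable URL"
    if target.scheme not in ("", "http", "https"):
        return f"non-HTTP scheme {target.scheme}"
    if not host:
        return None
    if host == "localhost" or host.endswith(".localhost"):
        return f"loopback hostname {host}"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # ordinary hostname: needs resolution-time validation
    return None if ip.is_global else f"non-public address {ip}"

def scan(log_lines):
    """Return (line_no, param, value, reason) for each suspicious request."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        if not (m := REQUEST_RE.search(line)):
            continue
        for name, value in parse_qsl(urlsplit(m.group(1)).query):
            reason = classify(value) if name.lower() in SSRF_PARAMS else None
            if reason:
                findings.append((n, name, value, reason))
    return findings

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '203.0.113.7 - - [01/Aug/2022:10:00:01 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Aug/2022:10:00:02 +0000] "GET /login?next=/dashboard HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Aug/2022:10:00:05 +0000] "GET /img?uri=file:///etc/passwd HTTP/1.1" 500 17',
    '203.0.113.9 - - [01/Aug/2022:10:00:09 +0000] "GET /proxy?dest=127.0.0.1:8080 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Values that are ordinary hostnames pass this check by design, since a name can resolve to an internal address; those are only caught by validating the resolved address at fetch time.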