Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntr0x2374619851A4-2A08-4196-80E9-AB41953491D8
HistoryMay 14, 2022 - 12:37 p.m.

Local file inclusion

2022-05-1412:37:41
0x2374
www.huntr.dev
23
server files fetching
ssrf
metadata extraction

EPSS

0.001

Percentile

51.0%

JSON

Description

https://app.diagrams.net/embed2.js?&fetch= is used to fetch data and i tried to perform ssrf by extracting google cloud metadata but was unable to do but i am still able to fetch server files like /etc/passwd.

Proof of Concept

1. Visit https://app.diagrams.net/embed2.js?&fetch=
2. Enter file:///etc/passwd in fetch parameter and see the content of /etc/passwd is fetched in url encoded format.
3. Decode the url data and you can see the contents of /etc/passwd where the server is hosted.

Related

osv 1
nvd 1
prion 1
cvelist 1
cve 1
osv
osv
CVE-2022-1723
2022-05-17 09:15:07
nvd
nvd
CVE-2022-1723
2022-05-17 09:15:07
prion
prion
Server side request forgery (ssrf)
2022-05-17 09:15:00
cvelist
cvelist
CVE-2022-1723 Server-Side Request Forgery (SSRF) in jgraph/drawio
2022-05-17 08:35:10
cve
cve
CVE-2022-1723
2022-05-17 09:15:07

EPSS

0.001

Percentile

51.0%

JSON
Related for 619851A4-2A08-4196-80E9-AB41953491D8
osv1nvd1prion1cvelist1cve1