Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrBasubanakar7969E834-5982-456E-9683-861A7A5E2D22
HistoryOct 13, 2022 - 12:19 p.m.

Server Side Request Forgery Via DNS Rebinding

2022-10-1312:19:57
basubanakar
www.huntr.dev
12
ssrf
dns rebinding
aws metadata
appsmith
bug bounty

0.001 Low

EPSS

Percentile

30.4%

JSON

Description

Appsmith below v1.8.1 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via DNS Rebinding technique to hit AWS internal metadata endpoint and for retrieving data.

Proof of Concept

https://drive.google.com/file/d/1rXnHmhCpo59NjMZJGqKUuOZaQzkXjw6p/view?usp=sharing

Related

osv 2
cvelist 1
prion 1
githubexploit 1
cve 1
nvd 1
cnvd 1
osv
osv
BIT-appsmith-2022-4096
2024-03-06 10:50:34
CVE-2022-4096
2022-11-21 15:15:12
cvelist
cvelist
CVE-2022-4096 Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
2022-11-21 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-11-21 15:15:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Appsmith
2023-05-14 13:47:05
cve
cve
CVE-2022-4096
2022-11-21 15:15:12
nvd
nvd
CVE-2022-4096
2022-11-21 15:15:12
cnvd
cnvd
Appsmith server-side request forgery vulnerability
2022-11-23 00:00:00

0.001 Low

EPSS

Percentile

30.4%

JSON
Related for 7969E834-5982-456E-9683-861A7A5E2D22
osv2cvelist1prion1githubexploit1cve1nvd1cnvd1