huntr report CFCAB02E-D6AD-4DCF-B1B0-DA90434BC55B by nithissh200

Origin validation Bypass

2022-10-06 09:26:35
nithissh200
www.huntr.dev
security vulnerability
python
domain validation

EPSS: 0.002 (percentile 59.6%)

The affected application validates the Origin header of state-changing requests with the following Python code (a CherryPy request hook):

    # Only state-changing methods are subject to the Origin check.
    if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
        origin = request.headers.get('Origin', None)
        # Vulnerable: a plain string-prefix test. Any Origin whose text
        # begins with request.base passes, whether or not it is the same site.
        if origin and not origin.startswith(request.base):
            raise cherrypy.HTTPError(403, 'Unexpected Origin header')

Explanation:

In the code above, the Origin value is only checked from its start: it must begin with the site's own base URL, https://rdiffweb-demo.ikus-soft.com. Nothing after that prefix is examined, so an origin such as https://rdiffweb-demo.ikus-soft.com.nithissh.com, where the real domain name is followed by more hostname labels, is never rejected.

For example:

If the Origin header is https://nithissh.com.rdiffweb-demo.ikus-soft.com, the value does not start with the base URL, so the check rejects it with a 403 as the code intends.

The check is bypassed, however, by creating a subdomain of an attacker-controlled domain whose name starts with the full base host, i.e. placing the site's hostname in front of nithissh.com: https://rdiffweb-demo.ikus-soft.com.nithissh.com. Because startswith() succeeds on that string, a cross-site POST, PUT, PATCH or DELETE request sent with this Origin passes the validation.
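To make the two cases concrete, the following added example (written for this page, not code from the affected project) puts the report's startswith() check next to a hardened version that parses the Origin and compares scheme, host and port exactly. BASE stands in for request.base and is an assumed value; the sample Origin strings are constructed. The example goes beyond the report's single bypass by also feeding the prefix check other strings that begin with the base URL (a userinfo section and a run-on hostname), which the prefix test accepts for the same reason.

```python
from urllib.parse import urlsplit

# Assumed value standing in for request.base, the site's own origin.
BASE = "https://rdiffweb-demo.ikus-soft.com"

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_allowed_prefix(origin, base=BASE):
    """The check from the report: a bare string-prefix test.

    Mirrors `if origin and not origin.startswith(request.base)`: a missing
    header passes, and so does any header whose text begins with `base`.
    """
    return not origin or origin.startswith(base)


def _origin_key(url):
    """Reduce a URL to (scheme, lowercase host, effective port), or None if
    it is not a well-formed origin (no userinfo, path, query or fragment)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A browser-sent Origin is "scheme://host[:port]" and nothing else.
    if (parts.username is not None or parts.path not in ("", "/")
            or parts.query or parts.fragment):
        return None
    return (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])


def origin_allowed_exact(origin, base=BASE):
    """Hardened check: the Origin must parse to exactly the same
    (scheme, host, port) as the site's base URL.

    Keeps the original's behaviour for an absent header (allowed) so the
    two functions differ only in how a present header is judged.
    """
    if origin is None:
        return True
    if origin == "null":  # opaque origin (sandboxed iframe, file://, redirects)
        return False
    expected = _origin_key(base)
    return expected is not None and _origin_key(origin) == expected


def compare(origins, base=BASE):
    """Run both checks over a list of Origin values; returns
    [(origin, prefix_result, exact_result), ...]."""
    return [(o, origin_allowed_prefix(o, base), origin_allowed_exact(o, base))
            for o in origins]


if __name__ == "__main__":
    # Constructed sample Origin headers: the legitimate site, the attempt the
    # report says is rejected, the report's bypass, and two further strings
    # that also begin with the base URL.
    samples = [
        "https://rdiffweb-demo.ikus-soft.com",
        "https://nithissh.com.rdiffweb-demo.ikus-soft.com",
        "https://rdiffweb-demo.ikus-soft.com.nithissh.com",
        "https://rdiffweb-demo.ikus-soft.com@nithissh.com",
        "https://rdiffweb-demo.ikus-soft.comnithissh.com",
    ]
    for origin, by_prefix, by_exact in compare(samples):
        print(f"{origin:52} prefix={'allow' if by_prefix else 'deny':5} "
              f"exact={'allow' if by_exact else 'deny'}")
```

In the snippet above, the guard would become `if origin is not None and not origin_allowed_exact(origin, request.base)`; CherryPy's request.base is the scheme://host[:port] portion of the request URL, which is why the hardened check is written against a full base URL rather than a bare hostname. Comparing parsed components rather than strings also closes the userinfo and run-on-hostname variants, which a second prefix check such as "base followed by '/' or end of string" would still need to reason about separately.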

