
6 matches found

exploitpack
added 2019/05/10 12:0 a.m., 19 views

Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery

Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery
Date: 2/26/2019
Exploit Author: Alexandre Basquin
Vendor Homepage: https://blog.thehive-project.org
Software Link: https://github.com/TheHive-Project/Cort...

CVSS 4, AI score 0.4, EPSS 0.03271
Exploits: 5

Exploit DB
added 2019/05/10 12:0 a.m., 358 views

Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery

Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery
Date: 2/26/2019
Exploit Author: Alexandre Basquin
Vendor Homepage: https://blog.thehive-project.org
Software Link: https://github.com/TheHive-Project/Cortex
Version: Cortex = 2.1.3
Tested on: 2.1.3
CVE : CVE-2019-7652...

CVSS 7.7, AI score 7.6, EPSS 0.03271
Exploits: 5

NVD
added 2019/05/09 9:29 p.m., 11 views

CVE-2019-7652

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be...

CVSS 7.7, AI score 7.4, EPSS 0.03271
Exploits: 5, References: 2

OSV
added 2019/05/09 9:29 p.m., 12 views

CVE-2019-7652

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be...

CVSS 7.7, AI score 6.6
Exploits: 0, References: 2

Prion
added 2019/05/09 9:29 p.m., 9 views

Server-side request forgery (SSRF)

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be...

CVSS 4, AI score 7.4, EPSS 0.03271
Exploits: 5, References: 2, Affected Software: 1

CVE
added 2019/05/09 8:48 p.m., 62 views

CVE-2019-7652

CVE-2019-7652 affects TheHive Project’s UnshortenLink analyzer (pre-1.1) included in Cortex analyzers (pre-1.15.2). It enables SSRF via the Data parameter when selecting URL, allowing an attacker to supply an SSRF payload (for example, http://127.0.0.1:22) and observe results on the dashboard...

CVSS 7.7, AI score 7.3, EPSS 0.03271
Exploits: 5, References: 2, Affected Software: 1