| 제목 | Sparksuite SimpleMDE 1.11.2 Server-Side Request Forgery SSRF |
|---|
| 설명 | An unauthenticated attacker can make internal requests on the target server, with the aim of carrying out attacks on the victim's infrastructure, potentially opening new paths and exploitation combinations for other vulnerabilities.
The vulnerability in the markdown converter service occurs due to the lack of treatment and validation of user input, allowing an attacker to use the following payload to view an internal service:
<iframe src="http://127.0.0.1:PORT"></iframe>
Poc Video: https://youtu.be/t-mDofraMcc
References:
https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
https://portswigger.net/web-security/ssrf
|
|---|
| 원천 | ⚠️ https://github.com/sparksuite/simplemde-markdown-editor |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2024. 01. 14. AM 01:12 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 17. PM 02:37 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 251373 [Sparksuite SimpleMDE 까지 1.11.2 iFrame 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|