From 5c60cd7b613fdbf3ca273bd9b8c86c6b11e2d165 Mon Sep 17 00:00:00 2001 From: Maxime Escourbiac Date: Fri, 8 Nov 2024 15:09:08 +0100 Subject: [PATCH] =?UTF-8?q?Add=20CVE-2023=E2=80=935123=20in=20CSPT2CSRF=20?= =?UTF-8?q?real=20world=20scenario?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Client Side Path Traversal/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Client Side Path Traversal/README.md b/Client Side Path Traversal/README.md index 516f1f8..0bb598f 100644 --- a/Client Side Path Traversal/README.md +++ b/Client Side Path Traversal/README.md @@ -58,6 +58,7 @@ Real-World Scenarios: * CVE-2023-45316: CSPT2CSRF with a POST sink in Mattermost : `//channels/channelname?telem_action=under_control&forceRHSOpen&telem_run_id=../../../../../../api/v4/caches/invalidate` * CVE-2023-6458: CSPT2CSRF with a GET sink in Mattermost * [Client Side Path Manipulation - erasec.be](https://www.erasec.be/blog/client-side-path-manipulation/): CSPT2CSRF `https://example.com/signup/invite?email=foo%40bar.com&inviteCode=123456789/../../../cards/123e4567-e89b-42d3-a456-556642440000/cancel?a=` +* [CVE-2023-5123 : CSPT2CSRF in Grafana’s JSON API Plugin](https://medium.com/@maxime.escourbiac/grafana-cve-2023-5123-write-up-74e1be7ef652) ## References 
@@ -68,4 +69,4 @@ Real-World Scenarios: - [Leaking Jupyter instance auth token chaining CVE-2023-39968, CVE-2024-22421 and a chromium bug - Davwwwx - 30-08-2023](https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/) - [On-site request forgery - Dafydd Stuttard - 03 May 2007](https://portswigger.net/blog/on-site-request-forgery) - [Bypassing WAFs to Exploit CSPT Using Encoding Levels - Matan Berson - 2024-05-10](https://matanber.com/blog/cspt-levels) -- [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://vitorfalcao.com/posts/automating-cspt-discovery/) \ No newline at end of file +- [Automating Client-Side Path Traversals Discovery - Vitor Falcao - October 3, 2024](https://vitorfalcao.com/posts/automating-cspt-discovery/)
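Review bot: In the first hunk (the `@@ -58,6 +58,7 @@` region), the new `CVE-2023-5123` bullet does not follow the format of the three sibling entries, which read `CVE-XXXX-NNNNN: CSPT2CSRF with a <GET|POST> sink in <product>` followed by the payload path in backticks, with the link kept separate. The added line puts the whole description inside the link text, has a stray space before the colon (`CVE-2023-5123 : CSPT2CSRF`), uses a curly apostrophe in `Grafana’s`, and names neither the sink type nor the traversal path. Suggest aligning it with the neighbours, e.g. `* CVE-2023-5123: CSPT2CSRF with a <sink type> sink in Grafana's JSON API plugin` with the Medium write-up added as a reference, so the list stays scannable and the write-up also appears under `## References` alongside the other sources. The commit subject also spells the identifier with an en dash (`CVE-2023–5123`); the ASCII hyphen form used in the body is the one that matches how CVE IDs are searched.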
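Review bot: The second hunk (the `@@ -68,4 +69,4 @@` region) is a whitespace-only change: the removed and added `Automating Client-Side Path Traversals Discovery` lines are identical, and the only effect is dropping the `\ No newline at end of file` marker by adding the missing trailing newline. That is a welcome fix, but it is unrelated to the subject line, which only mentions the new CVE entry; consider noting it in the commit message so the diff is not read as a content change to the references list.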