
Our sensors found this exploit at:

Below is a copy:

perfSONAR - v4.x <= v4.4.4 - Open Web Proxy (Unauthenticated)

Vendor: perfSONAR
Affected Versions: v4.x <= v4.4.4
Vulnerability Type: Open Proxy Relay
Vulnerability Family: CGI Abuses
Discovered by: Ryan Moore
CVE: CVE-2022-41412


perfSONAR bundles a graphData.cgi script, used to graph and visualize data. A flaw in graphData.cgi allows unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers.

This vulnerability was patched in perfSONAR v4.4.5.

A whitelisting function mitigates this issue, but it is disabled by default.

Proof of Concept


Here are three examples of this vulnerability in use. To pass a regex match, the URL must include /esmond/perfsonar/archive/../../../ .

Example 1:

In this example, is proxied through perfSONAR server.

Example 2:

In this example, sample data is exfiltrated from another adjacent internal web host, running an arbitrary port 4444.

Example 3:

In this example, we are able to download a malicious PowerShell script through the perfSONAR server.


Enable whitelisting in perfSONAR.
Update perfSONAR to 4.4.5 or newer.
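
To check whether a server was used as a relay before it was patched, the access logs can be searched for the pattern described above. The following is an added example, not part of the original advisory or perfSONAR's code: it flags graphData.cgi requests whose percent-decoded query string contains the marker. Combined Log Format is assumed, and the sample lines (script directory, parameter names, hosts) are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Marker the advisory says a relayed URL must contain to pass the regex match.
MARKER = "/esmond/perfsonar/archive/../../../"
# Combined Log Format: client address first, request line in double quotes.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; directory, parameter names and hosts are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2023:10:00:00 +0000] "GET /example/graphData.cgi?view=summary HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2023:10:00:05 +0000] "GET /example/graphData.cgi?target=http://internal.example:4444/esmond/perfsonar/archive/../../../data.txt HTTP/1.1" 200 2048',
    '203.0.113.10 - - [01/Jan/2023:10:00:09 +0000] "GET /example/graphData.cgi?target=http%3A%2F%2Finternal.example%2Fesmond%2Fperfsonar%2Farchive%2F%252e%252e%2F%2e%2e%2F..%2Ffile HTTP/1.1" 200 900',
    '198.51.100.8 - - [01/Jan/2023:10:00:12 +0000] "GET /example/other.cgi?q=/esmond/perfsonar/archive/../../../ HTTP/1.1" 404 0',
]

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots and slashes normalise."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_relay_attempts(lines):
    """Return (client, decoded_query) for graphData.cgi requests carrying the marker."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        path, _, query = match.group("target").partition("?")
        if not fully_unquote(path).endswith("/graphData.cgi"):
            continue  # only the script named in the advisory is of interest
        decoded = fully_unquote(query)
        if MARKER in decoded:
            hits.append((match.group("client"), decoded))
    return hits

if __name__ == "__main__":
    for client, query in find_relay_attempts(SAMPLE_LOG):
        print(f"possible relay via graphData.cgi from {client}: {query}")
```

The decoded query in each hit shows which host and port the request asked the server to fetch, which is the starting point for scoping what internal data may have been exposed.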
