Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add template for CVE-2021-20323 #6288

Merged
merged 4 commits into from
Dec 8, 2022
Merged

Add template for CVE-2021-20323 #6288

merged 4 commits into from
Dec 8, 2022

Conversation

ndmalc
Copy link

@ndmalc ndmalc commented Dec 7, 2022

Template / PR Information

Little to no public information on how to test CVE-2021-20323. I wrote a POC on https://github.com/ndmalc/CVE-2021-20323 and a nuclei template here for easy reuse.

Template Validation

I've validated this template locally?

  • [ X] YES
  • NO

Additional Details (leave it blank if not applicable)

Template can easily be tested by using a vulnerable Keycloak container as described here: https://github.com/ndmalc/CVE-2021-20323/tree/main/tests

@ritikchaddha ritikchaddha self-assigned this Dec 8, 2022
@ritikchaddha ritikchaddha added the Done Ready to merge label Dec 8, 2022
@ritikchaddha ritikchaddha added the good first issue Good for newcomers label Dec 8, 2022
@ritikchaddha
Copy link
Contributor

Hello @ndmalc, thank you so much for sharing this template with the community and contributing to this project 🍻

@DhiyaneshGeek DhiyaneshGeek merged commit 14b7cba into projectdiscovery:master Dec 8, 2022
@princechaddha princechaddha added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Dec 16, 2022
@marcelo321
Copy link

marcelo321 commented Oct 3, 2023
edited

This template should be removed, the requirement for this cve to work is to send Content-Type: application/json, which can't be forced on the victim, therefore this is not exploitable!

edit: This shouldn't be a valid cve since it is not exploitable, less impact than a self-xss

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DhiyaneshGeek DhiyaneshGeek DhiyaneshGeek approved these changes

Assignees

@ritikchaddha ritikchaddha

Labels
Done Ready to merge good first issue Good for newcomers Status: Completed Nothing further to be done with this issue. Awaiting to be closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ndmalc @ritikchaddha @marcelo321 @DhiyaneshGeek @princechaddha