shahzaibak96/CVE-2023-46480
CVE-2023-46480

OwnCast SSRF

Description

An issue in OwnCast v0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

POC

  1. Browse the main page
  2. Click name > Authenticate
  3. Fill in an arbitrary host and click the checkmark
  4. Observe the response error and the response timing

Vulnerability Type

Incorrect Access Control

Vendor of Product

OwnCast

Affected Product Code Base

OwnCast - 0.1.1

Affected Component

authHost parameter of the indieauth function

Attack Type

Remote

Attack Vectors

An unauthenticated user can force the server to access localhost, internal network hosts, and external hosts and resources.
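The defence against this class of issue is to validate a user-supplied host before the server makes any outbound request on the user's behalf, and to re-check the address at connect time so DNS rebinding cannot bypass the first check. The following Go code is an added example written for this page; it is not OwnCast's code or its fix. ValidateAuthHost, BlockedDialControl, the Resolver type and the hostnames and addresses used are assumed names and constructed values, and the example assumes the authorization endpoint is only ever fetched over HTTPS on the default port.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
	"syscall"
)

// Resolver is injected so the check can be exercised offline with a stub
// instead of real DNS; DefaultResolver uses the system resolver.
type Resolver func(host string) ([]net.IP, error)

var DefaultResolver Resolver = net.LookupIP

// isBlockedIP reports whether an address is one the server must never be
// coerced into contacting for an anonymous user: loopback, RFC 1918 private
// ranges, link-local (which includes the cloud metadata address
// 169.254.169.254), unspecified and multicast. IPv4-mapped IPv6 forms such
// as ::ffff:127.0.0.1 are covered because the net.IP predicates normalise them.
func isBlockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateAuthHost parses the user-supplied authorization endpoint and
// refuses anything that would make the server talk to itself or to an
// internal host. It returns the parsed URL only when every address the host
// resolves to is public.
func ValidateAuthHost(raw string, resolve Resolver) (*url.URL, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return nil, fmt.Errorf("invalid URL: %w", err)
	}
	if u.Scheme != "https" {
		return nil, errors.New("authorization endpoint must use https")
	}
	if u.User != nil {
		return nil, errors.New("credentials embedded in the URL are not accepted")
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("missing host")
	}
	// Refusing explicit non-default ports removes the port-scanning use of
	// the request (the timing signal the advisory describes).
	if port := u.Port(); port != "" && port != "443" {
		return nil, errors.New("non-default port not accepted")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: nothing to resolve
	} else if ips, err = resolve(host); err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips {
		if isBlockedIP(ip) {
			return nil, fmt.Errorf("host %q resolves to blocked address %s", host, ip)
		}
	}
	return u, nil
}

// BlockedDialControl is intended for net.Dialer.Control on the HTTP client
// that fetches the endpoint. It re-checks the concrete address at connect
// time, so a name that passed validation but is rebound to an internal
// address between check and connection (DNS rebinding) is still refused.
func BlockedDialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("dial to non-IP address %q refused", address)
	}
	if isBlockedIP(ip) {
		return fmt.Errorf("dial to blocked address %s refused", ip)
	}
	return nil
}

func main() {
	// Constructed sample inputs; 203.0.113.10 is a documentation-range address.
	for _, raw := range []string{
		"https://203.0.113.10/auth",
		"https://127.0.0.1/auth",
		"https://[::1]/auth",
		"https://169.254.169.254/latest/meta-data/",
	} {
		_, err := ValidateAuthHost(raw, DefaultResolver)
		fmt.Printf("%-44s -> %v\n", raw, err)
	}
}
```

To make the connect-time check effective, the client that performs the fetch should be built with a dialer that carries the control function, for example `&http.Transport{DialContext: (&net.Dialer{Control: BlockedDialControl}).DialContext}`, and redirects should be disabled through `http.Client.CheckRedirect`, since an otherwise public host can redirect the server to an internal address.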

References

https://owncast.online/

https://github.com/owncast/owncast

Discoverer

Shahzaib Ali Khan
