
[Security Bugs] Server Side Request Forgery #158

Closed
0xdc9 opened this issue Aug 11, 2022 · 0 comments
Labels
bug Something isn't working

Comments


0xdc9 commented Aug 11, 2022

The bug
A Server Side Request Forgery exists in admin/modules/bibliography/marcsru.php and admin/modules/bibliography/z3950sru.php due to the class in lib/marc/XMLParser.inc.php

Reproduce
Steps to reproduce the behavior:

  1. Go to http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/index.php?mod=bibliography then go to copy cataloguing
  2. choose between marc sru or z3950sru
  3. type in whatever you want in the search bar
  4. set burpsuite intercept on
  5. change the z3950_SRU_source or marc_SRU_source parameter value to some URL that captures the traffic
  6. forward the request
  7. or just visit http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/modules/bibliography/marcsru.php?keywords=aaaaaaaa&index=0&marc_SRU_source=URL_ENCODED_ENDPOINT_THAT_CAPTURE_HTTP_LIKE_HOOKBIN

Screenshots
Normal requests: [screenshot, 2022-08-12 04:11:39]
Tampered and SSRF trigger (netcat): [screenshot, 2022-08-12 04:13:21]
Tampered and SSRF trigger (toptal.com): [screenshot, 2022-08-12 04:22:25]

Versions

  • OS: macOS Mojave 10.14.6
  • Browser: Google Chrome | 103.0.5060.134 (Official Build) (x86_64)
  • Slims Version: slims9_bulian-9.4.2
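The reproduction steps above boil down to one pattern: the marc_SRU_source / z3950_SRU_source parameter is taken from the request and used as the host the server fetches from. The block below is an added example, not SLiMS code and not the project's fix. SLiMS is PHP; the logic is written in Python here so it runs stand-alone. It contrasts a string-prefix check that still passes attacker-controlled hosts with a check that compares the parsed scheme, host and port, and with the shape that avoids the problem entirely: the client sends a key into an admin-configured list, never a URL. Endpoint names and URLs are constructed sample data, and every function name is hypothetical.

```python
"""Added example for the SSRF reported in this issue; not SLiMS code.

SLiMS is PHP; this is the validation logic only, in Python so it runs
stand-alone. Endpoint names/URLs are constructed sample data.
"""
from urllib.parse import urlencode, urlsplit

# Constructed sample of admin-configured SRU endpoints (hypothetical).
SRU_SOURCES = {
    "library": "http://sru.library.example:7090/voyager",
    "catalog": "http://sru.catalog.example/opac",
}


def naive_prefix_check(url: str) -> bool:
    """A check that looks plausible but is bypassable: it only asks whether
    the string starts with a configured scheme://host. Both
    http://sru.library.example.attacker.test/ (host suffix) and
    http://sru.library.example@attacker.test/ (userinfo) pass it."""
    prefixes = [f"{urlsplit(b).scheme}://{urlsplit(b).hostname}" for b in SRU_SOURCES.values()]
    return any(url.startswith(p) for p in prefixes)


def strict_url_check(url: str) -> bool:
    """Compare scheme, host and port of the parsed URL against the allowlist.
    Userinfo is rejected outright; a malformed port fails closed."""
    try:
        cand = urlsplit(url)
        host, port = cand.hostname, cand.port  # .port raises on a bad port
    except ValueError:
        return False
    if cand.username is not None or cand.password is not None:
        return False
    for base in SRU_SOURCES.values():
        ref = urlsplit(base)
        if (cand.scheme, host, port) == (ref.scheme, ref.hostname, ref.port):
            return True
    return False


def resolve_sru_source(key: str) -> str:
    """Preferred shape: the request parameter is a key, never a URL, so no
    attacker-supplied host can reach the fetch call at all."""
    if key not in SRU_SOURCES:
        raise ValueError(f"unknown SRU source: {key!r}")
    return SRU_SOURCES[key]


def build_search_url(base: str, keywords: str) -> str:
    """Build the SRU searchRetrieve URL from a trusted base and the user's
    keywords; only the keywords are user-controlled, and they are encoded."""
    query = urlencode({"operation": "searchRetrieve", "version": "1.1", "query": keywords})
    return f"{base}?{query}"


if __name__ == "__main__":
    for u in ("http://sru.library.example:7090/voyager?query=x",
              "http://sru.library.example.attacker.test/",
              "http://sru.library.example@attacker.test/",
              "http://127.0.0.1:8008/"):
        print(f"{u:55} naive={naive_prefix_check(u)!s:5} strict={strict_url_check(u)}")
    print(build_search_url(resolve_sru_source("library"), "aaaaaaaa"))
```

The key-based form is the one to aim for: once the parameter is an index into configuration, the URL check becomes unnecessary, and the fetch code never sees a string the client chose.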
@0xdc9 0xdc9 added the bug Something isn't working label Aug 11, 2022
@0xdc9 0xdc9 closed this as completed Nov 24, 2022
hasanbasri1993 pushed a commit to hasanbasri1993/slims9_bulian that referenced this issue Jan 14, 2023