CVE-2022-24406 The SAX App Suite through 7.10.6 has a predictable SSRF issue that can be exploited through Documentconverter API calls.

CVE-2022-24406 The SAX App Suite through 7.10.6 has a predictable SSRF issue that can be exploited through Documentconverter API calls.

This may allow an attacker to gain access to internal account information, such as the user’s e-mail address, or to change internal account information, such as the user’s password. A remote attacker may also be able to hijack the user’s session or obtain sensitive information about the application, such as the list of installed add-ons. The following is an example of an input field in a form that is being populated using the multipart/form-data content type. -------------------------- input -------------------------- name=’foo’ value=’bar’ -- multipart/form-data -------------------------- This input may be vulnerable to SSRF. In addition, the following may be vulnerable if the application accepts forms of this type: - Public files - Internal files - Dynamic files - RSS feeds - Bookmarks - RSS feeds - User-uploaded files - Config files - etc. The following example shows how an attacker may be able to inject arbitrary HTML code into the name input field via SSRF. input type=’hidden’ name=’foo’ value=’script>alert(‘xss’)/script>’ -- multipart/form-data -- --------------------------

Public files

Public files may be vulnerable to SSRF if the application uses a third-party library that accepts files of the given type, such as XMLHttpRequest. The following is an example of an input field in a form that is being populated using the multipart/form-data content type. -------------------------- input -------------------------- name=’foo’ value=’bar’ -- multipart/form-data -------------------------- This input may be vulnerable to SSRF.

Command Injection

SSRF is a vulnerability that allows an attacker to access sensitive information by using a web application's URL. If a company isn't careful when it comes to the development of their own website, they could be vulnerable to this type of attack.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe