Skip to content

Instantly share code, notes, and snippets.

@b33t1e
Created March 30, 2023 02:27
Show Gist options
  • Save b33t1e/43b26c31e895baf7e7aea2dbf9743a9a to your computer and use it in GitHub Desktop.
Save b33t1e/43b26c31e895baf7e7aea2dbf9743a9a to your computer and use it in GitHub Desktop.
[description]
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request
Forgery (SSRF) via the component /v1/avatars/favicon. This
vulnerability allows attackers to access network resources and
sensitive information via a crafted GET request.
>
------------------------------------------
>
[VulnerabilityType Other]
Server-Side Request Forgery (SSRF)
>
------------------------------------------
>
[Vendor of Product]
https://github.com/appwrite/appwrite
>
------------------------------------------
>
[Affected Product Code Base]
appwrite - <= Version 1.2.1
>
------------------------------------------
>
[Affected Component]
The API endpoints /v1/avatars/favicon is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the url before Version 1.2.1 (latest Version).
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Escalation of Privileges]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
POC: http://localhost/v1/avatars/favicon?url=http://127.0.0.1:4444/ssrf?param=test
Details can be seen: https://notes.sjtu.edu.cn/s/hTa9CIX8p
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
http://appwrite.com
https://github.com/appwrite/appwrite
https://notes.sjtu.edu.cn/s/hTa9CIX8p
https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment