Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-18638 PoC — Graphite 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-18638.yaml
Associated Vulnerability
Title:Graphite 代码问题漏洞 (CVE-2017-18638)
Description:Graphite是一款基于Django的Web应用程序。该程序主要用于绘制图形和仪表板。 Graphite 1.1.5及之前版本中的send_email in graphite-web/webapp/graphite/composer/views.py文件存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
Description
Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
File Snapshot

 id: CVE-2017-18638

info:
  name: Graphite <=1.1.5 - Server-Side Request Forgery
  author: huowuzhao

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.