CVE-2019-18394 PoC — Ignite Realtime Openfire 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-18394.yaml

Associated Vulnerability

Title:Ignite Realtime Openfire 代码问题漏洞 (CVE-2019-18394)
Description:Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP（前称Jabber，即时通讯协议）的跨平台开源实时协作（RTC）服务器，它能够构建高效率的即时通信服务器，并支持上万并发用户数量。 Ignite Realtime Openfire 4.4.2及之前版本中的FaviconServlet.java文件存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.

File Snapshot


 id: CVE-2019-18394

info:
  name: Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
  a

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!