CVE-2022-24129 PoC — Shibboleth Code Issue Vulnerability

Source
Associated Vulnerability
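Title: Shibboleth Code Issue Vulnerability (CVE-2022-24129)
Description: Shibboleth is an open-source, Windows-based web single sign-on system for the SAML protocol from the UK company Shibboleth. Shibboleth Identity Provider contains a security vulnerability that stems from insufficient restriction of the request_uri parameter: the OIDC OP plugin for Shibboleth Identity Provider before 3.0.4 allows server-side request forgery (SSRF). This allows attackers to interact with arbitrary third-party HTTP services.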
Description
The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
File Snapshot

id: CVE-2022-24129 info: name: Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery author: ...