Interactive RCE exploit demo for Eclipse CHE

# CSWSH-THEIA-CVE-2020-14368
- Report target: Eclipse CHE deployment available on che.openshift.io
- Vulnerability type: Cross-site websocket hijack
- Discovery date: 2020-04-08
- Author: Robin Duda (codingchili@github)
## Summary
The /services websocket endpoint in Eclipse CHE and Theia is vulnerable to cross-site websocket hijacking.
This vulnerability affects Eclipse CHE servers that use cookie or basic authentication: the websocket
connection doesn't perform any cross-site checks or in-channel authentication, and the browser automatically
includes any credentials when connecting from third-party domains. The attack works just like a cross-site
request forgery attack, except it is much more powerful as it grants an attacker two-way communication.
Read more about CSWSH here: https://portswigger.net/web-security/websockets/cross-site-websocket-hijacking
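
A server-side Origin check on the websocket handshake, which is the cross-site check the summary says is missing. This is an added example, not code from Eclipse CHE, Theia or the report; the allowlisted origin `https://ide.example.test` and all function names are assumptions.

```javascript
// Added example: Origin validation for a WebSocket handshake (Node.js, no dependencies).
// ALLOWED_ORIGINS and all function names are hypothetical, not CHE/Theia identifiers.
const ALLOWED_ORIGINS = new Set(['https://ide.example.test']);

// Normalise an Origin header to scheme://host[:port]; return null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // A real Origin header has no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== '/' || url.search || url.hash) return null;
  return url.origin; // lowercased host, default port dropped
}

// Decide whether to complete the handshake. `headers` uses lowercase names,
// as Node's http module provides them in req.headers.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  if (String(headers.upgrade || '').toLowerCase() !== 'websocket') {
    return { accept: false, status: 400, reason: 'not a websocket upgrade' };
  }
  const origin = normalizeOrigin(headers.origin);
  // Policy choice: a missing or opaque ("null") Origin is rejected, not trusted.
  if (origin === null) return { accept: false, status: 403, reason: 'missing or invalid origin' };
  // Exact match only: prefix/suffix matching would admit look-alike hosts.
  if (!allowed.has(origin)) return { accept: false, status: 403, reason: 'origin not allowed: ' + origin };
  return { accept: true, status: 101, reason: 'origin allowed' };
}

// Wire the check in front of any WebSocket library on a Node http.Server.
function guardUpgrades(server, onAccepted) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkUpgrade(req.headers);
    if (!verdict.accept) {
      // Refuse before any WebSocket frames are exchanged, then close.
      socket.end('HTTP/1.1 ' + verdict.status + ' Rejected\r\nConnection: close\r\n\r\n');
      return;
    }
    onAccepted(req, socket, head); // hand over to the WebSocket implementation
  });
}
```

The check rejects the handshake before the cookie or basic-auth credentials the browser attached are ever used to open a channel.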

```
[4.0K] /data/pocs/7de39e3a8c7e5e30e8b53538ffd6a43563b1d771
├── [1.0K] LICENSE
├── [4.0K] poc
│   ├── [6.1K] che-openshift-con-hack.html
│   ├── [7.3K] gcp-con-hack.html
│   └── [2.1K] theia-con-hack.html
├── [ 870] README.md
├── [ 15K] report.md
├── [280K] report.pdf
└── [4.0K] screenshots
    ├── [ 29K] e1_1.PNG
    ├── [ 24K] e2_1.PNG
    ├── [ 35K] e2_2.PNG
    ├── [ 29K] e2_3.PNG
    ├── [ 23K] e2_4.PNG
    ├── [ 29K] router_ingress_address.PNG
    └── [ 47K] wireshark_dns_mitm.PNG

2 directories, 14 files
```