Title:Alfresco Community Edition 服务器端请求伪造漏洞 (CVE-2014-9301) Description:Alfresco Community Edition是英国Alfresco公司的一个开源企业内容管理平台的社区版,它支持云存储、移动访问等。 Alfresco Community Edition 5.0.a之前版本的proxy servlet中存在服务器端请求伪造漏洞。远程攻击者可借助‘endpoint’参数中特制的URI利用该漏洞向内网服务器发送outbound请求,进行端口扫描,读取任意文件。
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.