Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-29415 PoC — node-ip 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/confluence-xslt-macro-ssrf.yaml
Associated Vulnerability
Title:node-ip 安全漏洞 (CVE-2024-29415)
Description:node-ip是indutny个人开发者的一个 node.js 模块。 node-ip 2.0.1及之前版本存在安全漏洞,该漏洞源于某些IP地址分类不正确,可通过isPublic进行全局路由,可能导致服务端请求伪造(SSRF)。
Description
Atlassian Confluence Data Center and Server include an XSLT macro feature that may be vulnerable to Server-Side Request Forgery (SSRF). By leveraging the ability of the XSLT macro to access external resources, attackers can potentially cause the server to make HTTP requests to arbitrary URLs. This can allow internal network scanning, access to sensitive systems, or exposure of internal information.
File Snapshot

 id: confluence-xslt-macro-ssrf

info:
  name: Atlassian Confluence XSLT Macro - Server-Side Request 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.