CVE-2015-4050 PoC — Sensio Labs Symfony HttpKernel组件权限许可和访问控制漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-4050.yaml

Associated Vulnerability

Title:Sensio Labs Symfony HttpKernel组件权限许可和访问控制漏洞 (CVE-2015-4050)
Description:Sensio Labs Symfony是法国Sensio Labs公司的一套免费的、基于MVC架构的PHP开发框架。该框架提供常用的功能组件及工具，可用于快速创建复杂的WEB程序。HttpKernel是其中的一个通过利用EventDispatcher组件将请求换转为响应的结构化进程组件。 Sensio Labs Symfony的HttpKernel组件中的FragmentListener存在安全漏洞，该漏洞源于程序启用ESI或SSI支持时，没有检查是否设置_controller属性。远程攻击者可通过向/_

Description

Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.

File Snapshot


 id: CVE-2015-4050

info:
  name: Symfony - Authentication Bypass
  author: ELSFA7110,meme-lord
  sev

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!