Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20324

SSRF - Retrieve sensitive data from server - Add Gadget

    XMLWordPrintable

Details

    • Unknown
    • N/A
    • N/A

    Description

      SUBMISSION REFERENCES

      RESEARCHER INFORMATION

      • Submitter: floerer

      SUBMISSION INFORMATION

      • Created at: Fri, 04 Nov 2022 11:02:35 GMT
      • Submission status: Accepted

      REPORT CONTENT

      • Severity: High (8.6)
      • Domain: https://intigriti.xwiki.com/ (Url)
      • Proof of concept: I found a way to perform a SSRF and retrieve sensitive data from the server.
        As of now I did limited testing but was able to retrieve the `nginx.conf` so for sure more is possible and I will test it out.

      *Steps to reproduce*
      1. Login with your account on https://intigriti.xwiki.com
      2. Now go to your porfile (clicking on your profile picture in the top right corner) and then on this page select `My dashboard`
      3. Click on `add gadget`
      4. Type `document` and select the `Office document viewer`
      5. Now as reference enter: `url:file:///etc/nginx/nginx.conf`
      6. Click `submit` and the contents of the file will be loaded on your dashboard as you can see.

      I will test more things to show bigger impact

      Attachments

        Issue Links

          Activity

            People

              surli Simon Urli
              intigriti Intigriti Integration
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: