
Exploit for Symfony - Authentication Bypass (CVE-2015-4050)

Description:

Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, do not check whether the _controller attribute is set. This allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.

Nuclei Template

View the template here: CVE-2015-4050.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2015/CVE-2015-4050.yaml

References:

https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
http://www.debian.org/security/2015/dsa-3276
https://nvd.nist.gov/vuln/detail/CVE-2015-4050
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html
http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access