.. / CVE-2017-18638

Exploit for Graphite <=1.1.5 - Server-Side Request Forgery (CVE-2017-18638)

Description:

Graphite’s send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.

Nuclei Template

View the template here CVE-2017-18638.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-18638.yaml

References:

https://github.com/advisories/GHSA-vfj6-275q-4pvm
https://nvd.nist.gov/vuln/detail/CVE-2017-18638
http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
https://github.com/graphite-project/graphite-web/pull/2499
https://github.com/graphite-project/graphite-web/issues/2008

.. / CVE-2017-18638 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Graphite <=1.1.5 - Server-Side Request Forgery (CVE-2017-18638)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-18638