.. / CVE-2022-28117

Exploit for Navigate CMS 2.9.4 - Server-Side Request Forgery (CVE-2022-28117)

Description:

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data modification, and/or unauthorized operation execution.

Nuclei Template

View the template here CVE-2022-28117.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-28117.yaml

References:

https://www.youtube.com/watch?v=4kHW95CMfD0
https://github.com/ARPSyndicate/cvemon
https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_5
https://nvd.nist.gov/vuln/detail/CVE-2022-28117
https://packetstormsecurity.com/files/167063/Navigate-CMS-2.9.4-Server-Side-Request-Forgery.html

.. / CVE-2022-28117 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Navigate CMS 2.9.4 - Server-Side Request Forgery (CVE-2022-28117)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-28117