Exploit for Rebuild <= 3.5.5 - Server-Side Request Forgery (CVE-2024-1021)

Description:

Rebuild <= 3.5.5 is vulnerable to server-side request forgery (SSRF) due to improper validation of the url parameter in the readRawText function of the HTTP Request Handler component. This vulnerability allows an attacker to make unauthorized requests to internal resources.

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2024-1021.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-1021.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-1021
https://github.com/getrebuild/rebuild
https://vuldb.com/?ctiid.252290
https://vuldb.com/?id.252290