Date: Tue, 22 May 2018 15:05:24 GMT
Subject: K2 smartforms runtime application - 4.6.11 SSRF

# Vulnerability type: Server Side Request Forgery
# Vendor:
# Product: K2 Smartforms
# Affected version: 4.6.11
# Credit: Foo Jong Meng
# CVE ID: CVE-2018-9920


Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

By replacing the "GET" parameter to any external domain (i.e. while accessing the affected application (e.g.

The resulting page shows URL with https://url/Identity/STS/Forms/Scripts but rendering in the body (aka local web defacement). 

A port scan on the internal servers can be performed by changing the "GET" parameter URL and analysing the results of the return page.

1. Use a web proxy (e.g. zapproxy, burp) to intercept "GET" request for:

2. Replace the "GET" parameter to any external domain (i.e.

3. The resulting page is one with https://url/Identity/STS/Forms/Scripts but showing in the body.
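
For defenders reviewing proxy or web-server captures, the following added example (not part of the original advisory) flags requests for the Identity/STS/Forms/Scripts path whose effective hostname is not one the deployment serves. The request details are truncated in the advisory, so the assumption here is that the modified hostname shows up in the request target or the Host header; the allowlist, hostnames and sample requests are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hostnames this deployment legitimately answers for (constructed).
ALLOWED_HOSTS = {"k2.corp.example"}
WATCHED_PREFIX = "/identity/sts/forms/scripts"  # path named in the advisory

def _norm_host(value):
    """Lower-case a host, drop any port and trailing dot; '' if unparsable."""
    try:
        return (urlsplit("//" + value.strip()).hostname or "").rstrip(".")
    except ValueError:
        return ""

def effective_host_and_path(raw_head):
    """Return (host, path) for a raw HTTP/1.x request head, or (None, None)."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3:
        return None, None
    host_header = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host_header = value
            break
    target = urlsplit(parts[1])
    if target.scheme and target.netloc:
        # Absolute-form target: its authority wins over Host (RFC 7230, 5.4).
        return _norm_host(target.netloc), target.path
    return _norm_host(host_header), target.path

def suspicious(raw_head):
    """True when the watched path is requested with a non-allowlisted host."""
    host, path = effective_host_and_path(raw_head)
    if path is None or not path.lower().startswith(WATCHED_PREFIX):
        return False
    return host not in ALLOWED_HOSTS

# Constructed sample request heads (not taken from the advisory).
SAMPLES = [
    "GET /Identity/STS/Forms/Scripts HTTP/1.1\r\nHost: k2.corp.example\r\n\r\n",
    "GET /Identity/STS/Forms/Scripts HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "GET https://other.example/Identity/STS/Forms/Scripts HTTP/1.1\r\nHost: k2.corp.example\r\n\r\n",
    "GET /Identity/STS/Forms/Scripts HTTP/1.1\r\nHost: K2.Corp.Example:443\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: other.example\r\n\r\n",
]

def flagged(samples):
    """Indexes of the samples that should be reviewed."""
    return [i for i, s in enumerate(samples) if suspicious(s)]
```

The same allowlist comparison can be enforced at a reverse proxy in front of the application so that requests with an unexpected hostname are rejected before they reach it.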
