mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-02 07:51:39 +02:00
0xMarcio
1.4 KiB
1.4 KiB
CVE-2020-10770
Description
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
POC
Reference
Github
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/CLincat/vulcat
- https://github.com/ColdFusionX/Keycloak-12.0.1-CVE-2020-10770
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Live-Hack-CVE/CVE-2020-10770
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/carlosalbertotuma/Keycloak-Sniper
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ramshazar/keycloak-blind-ssrf-poc
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/soosmile/POC