QRadar Community Edition 7.3.1.6 Server Side Request Forgery
Posted by deepcore on April 22, 2020 – 5:23 pm
QRadar Community Edition version 7.3.1.6 has an issue in the RssFeedItem class of the QRadar web application, which is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Because the URL is not checked against a whitelist, authenticated attackers can execute Server-Side Request Forgery attacks. Using this issue, it is possible to call the Apache Axis AdminService web service in order to execute arbitrary code with the privileges of the Tomcat user.
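The deny-by-default URL check that the advisory says is missing (an allowlist of feed hosts, scheme and port restrictions, and a check that the name resolves only to public addresses) is shown below as an added example. It is written in Python for illustration and is not QRadar's Java code; the allowlist, hostnames, addresses and DNS answers are constructed, and a production caller would pass a resolver backed by socket.getaddrinfo instead of the constructed table.

```python
from __future__ import annotations
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_FEED_HOSTS = {"feeds.example.com"}  # hypothetical allowlist

class FeedUrlRejected(ValueError):
    """Raised when a user-supplied feed URL fails the allowlist policy."""

def validate_feed_url(url: str, allowed_hosts: Iterable[str],
                      resolver: Callable[[str], list[str]]) -> tuple[str, str]:
    """Returns (url, pinned_ip). The fetcher should connect to pinned_ip (sending
    Host/SNI for the name) so a DNS answer that changes after the check cannot
    redirect the request to an internal service."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise FeedUrlRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise FeedUrlRejected("credentials in URL are not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in {h.lower() for h in allowed_hosts}:
        raise FeedUrlRejected(f"host not on allowlist: {host!r}")
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError as exc:
        raise FeedUrlRejected("malformed port") from exc
    if port not in (80, 443):
        raise FeedUrlRejected(f"port not allowed: {port}")
    addrs = resolver(host)
    if not addrs:
        raise FeedUrlRejected(f"host does not resolve: {host!r}")
    # Every answer must be public; a single internal address is enough to reject.
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            raise FeedUrlRejected(f"{host} resolves to non-public {addr}")
    return url, addrs[0]

def constructed_resolver(host: str) -> list[str]:
    """Constructed DNS answers so the example runs offline (not real data)."""
    return {"feeds.example.com": ["93.184.216.34"],
            "internal.example.com": ["10.0.0.5"],
            "rebind.example.com": ["93.184.216.34", "127.0.0.1"]}.get(host, [])

def check(url: str, allowed_hosts: Iterable[str] = ALLOWED_FEED_HOSTS) -> str:
    """Policy outcome for one URL as a string, using the constructed resolver."""
    try:
        return "ok " + validate_feed_url(url, allowed_hosts, constructed_resolver)[1]
    except FeedUrlRejected as exc:
        return "rejected: " + str(exc)
```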