Databasir is a team-oriented relational database model document management platform.
Databasir 1.01 has Server-Side Request Forgery vulnerability.
@ExceptionHandler({Exception.class})
public ResponseEntity<Object> handleUnspecificException(Exception ex, WebRequest request) {
String path = getPath(request);
String errorMsg = ex.getMessage();
log.error("Unspecific exception, request: " + path + ", exception: " + errorMsg + ":", ex);
return handleNon200Response(errorMsg, HttpStatus.INTERNAL_SERVER_ERROR, path);
}@ExceptionHandler({Exception.class})
public ResponseEntity<Object> handleUnspecificException(Exception ex, WebRequest request) {
String path = getPath(request);
String errorMsg = ex.getMessage();
log.error("Unspecific exception, request: " + path + ", exception: " + errorMsg + ":", ex);
return handleNon200Response(errorMsg, HttpStatus.INTERNAL_SERVER_ERROR, path);
}
Create a database extension named http in the [Database extension-JDBC Driver Download Address] function and fill in other Web services on the Intranet. For example: http://192.168.124.1/mobile.asp1.
Then create a new project in the project center and introduce our database extension called http.
Check the logs to see if SSRF was successfully utilized.
LuckyT0mat0 Analyst
Impact
Databasir is a team-oriented relational database model document management platform.
Databasir 1.01 has Server-Side Request Forgery vulnerability.
Patches
https://github.com/vran-dev/databasir/blob/master/api/src/main/java/com/databasir/api/advice/DatabasirExceptionAdvice.java
Workarounds
Can will be affected by the first source (https://github.com/vran-dev/databasir/blob/master/api/src/main/java/com/databasir/api/advice/DatabasirExceptionAdvice.java), one of the 111 to 118 line commented out.
References
None
For more information
Affected source code: https://github.com/vran-dev/databasir/blob/master/api/src/main/java/com/databasir/api/advice/DatabasirExceptionAdvice.java, the vulnerability is located at the function point [database Extension -JDBC driver download address]. During the download verification process, the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF. The vulnerability code is in lines 111 through 118:
Create a database extension named http in the [Database extension-JDBC Driver Download Address] function and fill in other Web services on the Intranet. For example:
http://192.168.124.1/mobile.asp1.Then create a new project in the project center and introduce our database extension called http.
Check the logs to see if SSRF was successfully utilized.