Exploitation Summary
EIP tracks 2 public exploits for CVE-2014-9301. PoCs published by V. Paulikas, ottimo.
Description
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
Exploits (2)
The provided text describes an SSRF vulnerability in Alfresco Community Edition, where an attacker can exploit the proxy endpoint to access internal systems. It includes a sample request demonstrating the vulnerability but lacks executable exploit code.
This is a Burp Suite extension written in Ruby that exploits CVE-2014-9301 by manipulating HTTP requests to bypass Alfresco's Referer header checks. It intercepts and modifies requests to redirect traffic, potentially allowing unauthorized access.