How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
Tags
attack-pattern: Data Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID 3ba4e8d5-d6f2-4b6a-884b-053fe35acb0f
Fingerprint 5443318cdbe448f
Analysis status DONE
Considered CTI value 0
Text language
Published July 29, 2017, 2:47 p.m.
Added to db Jan. 18, 2023, 7:38 p.m.
Last updated Nov. 18, 2024, 8:27 a.m.
Headline Orange
Title How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
Detected Hints/Tags/Attributes 54/1/11
Source URLs
Redirection Url
Details Source http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
URL Provider
Details Provider Source level domain
Details orange.tw blog.orange.tw
Attributes
Details Type #Events CTI Value
Details CVE 1 
cve-2016-5699
Details Domain 9 
orange.tw
Details Domain 31 
views.py
Details File 3 
foo.php
Details File 29 
views.py
Details IPv4 1442 
127.0.0.1
Details Url 1 
http://orange.tw/foo.php
Details Url 1 
http://orange.tw:12345/foo
Details Url 1 
http://127.0.0.1:12345
Details Url 1 
http://127.0.0.1:6379
Details Url 1 
http://127.0.0.1:8000/render