Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-04 18:40:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add CVE-2023–5123 in CSPT2CSRF real world scenario

Browse source
This commit is contained in:
Maxime Escourbiac 2024-11-08 15:09:08 +01:00 committed by GitHub
parent 37641d2b9e
commit 5c60cd7b61
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Client Side Path Traversal/README.md
View file

@ -58,6 +58,7 @@ Real-World Scenarios:
* CVE-2023-45316: CSPT2CSRF with a POST sink in Mattermost : `/<team>/channels/channelname?telem_action=under_control&forceRHSOpen&telem_run_id=../../../../../../api/v4/caches/invalidate`
* CVE-2023-6458: CSPT2CSRF with a GET sink in Mattermost
* [Client Side Path Manipulation - erasec.be](https://www.erasec.be/blog/client-side-path-manipulation/): CSPT2CSRF `https://example.com/signup/invite?email=foo%40bar.com&inviteCode=123456789/../../../cards/123e4567-e89b-42d3-a456-556642440000/cancel?a=`
* [CVE-2023-5123 : CSPT2CSRF in Grafanas JSON API Plugin](https://medium.com/@maxime.escourbiac/grafana-cve-2023-5123-write-up-74e1be7ef652)
## References