Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-41401 PoC — OpenRefine 代码问题漏洞

Source
https://github.com/ixSly/CVE-2022-41401
Associated Vulnerability
Title:OpenRefine 代码问题漏洞 (CVE-2022-41401)
Description:OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
Readme
# OpenRefine <= v3.5.2 SSRF

[OpenRefine](https://github.com/OpenRefine/OpenRefine) v<=3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

The root cause of this vulnerability lies in OpenRefine's inadequate server-side validation of the supplied URL. While client-side validation exists, the server-side fails to perform the same level of scrutiny. Consequently, if a user initially provides a valid URI and then later substitutes it with a malicious one, the server-side system fails to detect the alteration.

# PoC 

This vulnerability can be leveraged during the process of creating a new project in OpenRefine. Specifically, by selecting the option to import a project from Web Addresses URLs, a malicious actor can insert a payload that enables them to access internal resources or read sensitive files.


![image](https://github.com/ixSly/CVE-2022-41401/assets/32583633/4d71ef1f-2f02-4b48-8c45-5be99f4f0433)


![image](https://github.com/ixSly/CVE-2022-41401/assets/32583633/df914755-f5eb-43d6-9638-ccdb5d8cb0c3)



# Disclosure Timeline

- Date of Discovery: 10/04/2022
- Reported to OpenRefine Security Team: 15/04/2022
- OpenRefine Team Acknowledgment: 23/05/2022
- Security Path Release: 07/07/2022
File Snapshot

 [4.0K]  /data/pocs/70e0d26200e43164d5d76859646aaa63c9edd653
└── [1.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →