Exploit for Improper Input Validation in Saleor
Discription

image
CVE-2022-39275 POC for CVE-2022-39275. Resources for the advisory: NIST NVD CVE.org Github Security Advisory This is a fork of commit hash: 47f9f5fb29be2b5892c79ace4f23022f397a0a5e link, just re-pushed as there were git submodules that also had to be changed. POC-Setup Follow the setup guide. In case it's outdated, here are the steps: “`sh cd saleor-platform docker compose build docker compose run –rm api python3 manage.py migrate docker compose run –rm api python3 manage.py populatedb docker compose run –rm api python3 manage.py createsuperuser docker compose up “` admin users are [email protected] and admin. Regular users can be found in the saleor source code (I think most of them just have password as their password). Getting the authentication token might be abit tricky (since it has an expiry mechanic using the refresh token. For more information, check authentication-docs). I won't help with this as doing all the steps above already assumes you have application security experience. POC All you have to do is run GraphQLer to identify the POC. Once the POC is identified, craft your requests in your favorite request…Read More

Back to Main

Subscribe for the latest news: