Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery Vulnerability / Exploit


Exploits / Vulnerability Discovered : 2019-05-10 | Type : webapps | Platform : multiple

# Exploit Title: Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
# Date: 2/26/2019
# Exploit Author: Alexandre Basquin
# Vendor Homepage:
# Software Link:
# Version: Cortex <= 2.1.3
# Tested on: 2.1.3
# CVE : CVE-2019-7652

# Exploit description

The "UnshortenLink_1_0" analyzer used by Cortex contains an SSRF vulnerability.


1. Create a new analysis

2. Select Data Type "URL"

3. Put your SSRF payload in the Data parameter (e.g. "")

4. Result can be seen in the main dashboard.

Reported to TheHive Project by Alexandre Basquin on 1/24/2019.

The issue has been fixed in UnshortenLink 1.1, released within Cortex-analyzers 1.15.2.
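
The fix itself is not shown on this page. The sketch below is an added example, not code from Cortex-analyzers or TheHive Project: one way a link-unshortening analyzer can validate the submitted URL and every redirect hop before sending a request. The names `check_url`, `unshorten`, `resolver` and `fetch_location` are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

def resolve(host, port):
    """Default resolver: every address the host name maps to."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)]

def is_public(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast

def check_url(url, resolver=resolve):
    """Return (allowed, reason) for one URL before any request is sent."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https"):
            return False, "scheme not allowed"
        if not parts.hostname:
            return False, "no host"
        port = parts.port or (443 if scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
    except (OSError, ValueError):  # bad port, bad brackets, DNS failure
        return False, "unparseable or unresolvable"
    blocked = [a for a in addresses if not is_public(a)]
    if blocked or not addresses:
        return False, "non-public address: " + ", ".join(blocked)
    return True, "ok"

def unshorten(url, fetch_location, resolver=resolve, max_hops=5):
    """Follow redirects one hop at a time, validating each hop first.

    fetch_location(url) is a hypothetical callable: it sends one request with
    automatic redirects disabled and returns the Location header, or None.
    """
    for _ in range(max_hops):
        allowed, reason = check_url(url, resolver)
        if not allowed:
            raise ValueError("refused %s (%s)" % (url, reason))
        location = fetch_location(url)
        if location is None:
            return url  # final destination reached
        url = urljoin(url, location)  # Location may be relative
    raise ValueError("too many redirects")
```

The `fetch_location` callable has to disable the HTTP client's own redirect handling, otherwise the client follows hops that were never checked. The name lookup here is separate from the one the HTTP client performs, so a hardened analyzer should also connect to the address that was validated.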
