Intera InHire Server-Side Request Forgery Vulnerability

Vulnerability

A critical server-side request forgery (SSRF) vulnerability has been identified in Intera InHire versions prior to 20250530. This vulnerability allows remote attackers to manipulate the '29chcotoo9' argument, causing the server to make unauthorized requests to external servers. While this does not directly expose internal resources, it could be exploited in more complex attack scenarios.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the application is tricked into making requests to external servers on behalf of the attacker. This could be used to access internal services, bypass network restrictions, exfiltrate data, or escalate privileges by chaining with other vulnerabilities.

Reproduction

The vulnerability can be reproduced by sending a GET request to the application with the '29chcotoo9' argument. Include malicious HTTP headers that the application will process. The server's response can be directed to an external server controlled by the attacker, demonstrating the SSRF vulnerability.
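A detection check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for requests carrying the '29chcotoo9' argument and raises the severity when the decoded value contains a URL or IP address. The combined log format, the sample lines, and the idea that the argument's value carries the destination are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "29chcotoo9"  # argument named in the advisory

# Constructed sample lines in combined log format (assumed format);
# client addresses, paths and hosts are made up for the example.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jun/2025:22:01:11 +0000] "GET /app?29chcotoo9=https%3A%2F%2Fcollector.example.net%2Fx HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.4 - - [16/Jun/2025:22:02:40 +0000] "GET /app?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2025:22:03:02 +0000] "GET /app?29chcotoo9=%2568ttp%253A%252F%252F192.0.2.10%252F HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.9 - - [16/Jun/2025:22:04:15 +0000] "GET /app?29chcotoo9=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# A URL scheme, a scheme-relative "//host", or a dotted IPv4 literal in the value
DEST_RE = re.compile(r'(?i)([a-z][a-z0-9+.-]*:)?//[^/\s]+|\b\d{1,3}(?:\.\d{1,3}){3}\b')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding does not hide a URL."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return one finding per request that carries PARAM in its query string."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, method, target, status = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != PARAM:
                continue
            value = fully_decode(raw)
            findings.append({
                "client": client, "time": when, "method": method,
                "status": int(status), "value": value,
                "severity": "high" if DEST_RE.search(value) else "review",
            })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"], f["client"], f["time"], f["value"])
```

Findings marked "review" carry the argument without a recognizable destination and still merit a look on unpatched versions, since the advisory also mentions HTTP headers, which access logs usually do not record.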

Added: Jun 16, 2025, 10:17 PM
Updated: Jun 16, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.