Describe the bug
Server-side request forgery (SSRF) vulnerability
To Reproduce
Steps to reproduce the behavior:
1. Go to 'acp/acp.php?tn=pages&sub=index'
2. Enter an intranet address in the box to request it
3. A request can be made to the intranet
Screenshots
Request packet
Locate the vulnerable code: /acp/core/pages.index.php
The start_index parameter calls the function fc_crawler
Tracing the fc_crawler function
Locate the vulnerable code: /acp/core/functions_index.php
Continue to track the fc_loadSourceCode function
Request with the dict protocol:
dict://ip:port
Request with the gopher protocol: gopher://192.168.172.114:9333/aaaaa
This leads to the SSRF vulnerability
Desktop (please complete the following information):
OS: MacOS
Browser: all
Version: latest version
Sorry, I haven't looked at this for a few days. You can fix it like this:
Restrict the request port to port 80 only, and allow only HTTP and HTTPS requests.
Restrict IP addresses so that the intranet cannot be accessed, to prevent attacks on the intranet.
Prohibit 302 and 301 redirects.
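As an added example (not code from this project and not the maintainer's patch), here is one way to implement the three rules in the reply above as a gate in front of the crawler path described in the report (start_index -> fc_crawler -> fc_loadSourceCode). The function names fc_isPublicIp, fc_isSafeCrawlUrl and fc_fetchSourceCode are hypothetical; the page does not show fc_loadSourceCode's signature, so nothing here claims to match it. It deviates from the reply in one place, by assumption: HTTPS is accepted on 443 as well as HTTP on 80, since "HTTPS allowed, port 80 only" would otherwise leave no usable HTTPS target. It also goes one step beyond the reply by pinning the connection to the IP that passed the check, so a DNS answer that changes between check and fetch cannot redirect the crawler into the intranet.

```php
<?php
// Added example, not project code. Gate for the crawler entry point:
//   1. only http/https (rejects dict://, gopher://, file://, ...)
//   2. only ports 80/443 (rejects dict://ip:port style port probing)
//   3. no private/reserved destination IPs
//   4. no 301/302 following
// Assumption: HTTPS on 443 is allowed in addition to the reply's "port 80 only".

function fc_isPublicIp(string $ip): bool
{
    // FILTER_FLAG_NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7.
    // FILTER_FLAG_NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, etc.
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

// Returns the validated destination IP, or null with $reason set on rejection.
function fc_isSafeCrawlUrl(string $url, ?string &$reason = null): ?string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        $reason = 'unparseable URL';
        return null;
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        $reason = "scheme {$scheme} not allowed";   // dict://, gopher:// stop here
        return null;
    }

    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    if ($port !== 80 && $port !== 443) {
        $reason = "port {$port} not allowed";       // gopher://...:9333 style targets
        return null;
    }

    $host = $parts['host'];
    // A literal IP is checked directly; a hostname is resolved once and every
    // returned address is checked (gethostbynamel returns IPv4 A records only).
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        $reason = "host {$host} does not resolve";
        return null;
    }
    foreach ($ips as $ip) {
        if (!fc_isPublicIp($ip)) {
            $reason = "{$host} resolves to non-public address {$ip}";
            return null;
        }
    }
    return $ips[0];
}

// Fetches the page body, or returns false if the URL was rejected.
function fc_fetchSourceCode(string $url)
{
    $ip = fc_isSafeCrawlUrl($url, $reason);
    if ($ip === null) {
        error_log("crawler refused {$url}: {$reason}");
        return false;
    }

    $parts = parse_url($url);
    $port  = $parts['port'] ?? (strtolower($parts['scheme']) === 'https' ? 443 : 80);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => false,                           // rule 4: no 301/302 following
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS, // rule 1 enforced in curl too
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        // Pin the connection to the address that passed the check, so a second
        // DNS lookup inside curl cannot answer with an intranet address.
        CURLOPT_RESOLVE         => ["{$parts['host']}:{$port}:{$ip}"],
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}
```

Against the report's own payloads: gopher://192.168.172.114:9333/aaaaa is refused at the scheme check, http://192.168.172.114:9333/ at the port check, and http://192.168.172.114/ at the address check, since 192.168.0.0/16 is a private range. With CURLOPT_FOLLOWLOCATION off, a 301/302 answer is returned as the response body and never followed, which is what stops an allowed public host from bouncing the crawler back to an internal address.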