This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
Server-side request forgery vulnerability (SSRF) #60
Comments
patkon
added a commit
that referenced
this issue
Sep 15, 2021
We check if the starting point for indexing pages is a permitted page. Issue #60
|
I'm a little at a loss about this problem. I hope checking the starting point fixes the problem? |
|
Sorry, I haven’t seen it these days, you can fix it like this |
patkon
added a commit
that referenced
this issue
Sep 26, 2021
We only allow http and https for base url in settings. See comments from issue #60
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Describe the bug
Server-side request forgery vulnerability (SSRF)
To Reproduce
Steps to reproduce the behavior:
1.go to 'acp/acp.php?tn=pages&sub=index'
2. Enter the intranet address in the box to request
3. Can make a request to the intranet
Screenshots
request packet
Locate the vulnerable code
/acp/core/pages.index.phpThe start_index parameter calls the function fc_crawler
Tracing the fc_crawler function
Locate the vulnerable code
/acp/core/functions_index.phpContinue to track the fc_loadSourceCode function
dict protocol for request
Use gopher protocol for request
gopher://192.168.172.114:9333/aaaaaLed to the SSRF vulnerability
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: