SSRF vulnerability exists at the SMTP configuration, which can detect the server intranet #806

Closed
Jayway007 opened this issue Apr 29, 2020 · 0 comments
Labels
kind/support Categorizes issue or PR as a support question.

1. Because the password of the login account of the system background is transmitted in plain text, it is easy to enter the background through brute-force cracking.
2. The problem lies in the SMTP server configuration, which can specify host address and port.
3. There is a hidden `testConnection()` interface in the code to test the connectivity of the mailbox server.
4. It is a javaMailSender that depends on springframework.
5. So you can test through this interface: write the address as 127.0.0.1. When the server port is open, the corresponding time is shorter: 20 millis.
6. When the port is not open, the corresponding time is longer: 1000+ millis.
7. You can obtain the open ports of the server and other hosts on the intranet in batches according to the length of the echo time, and then carry out further attacks.
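
One way to close the timing probe reported above is to vet the configured host and port before the connection test ever opens a socket, so internal targets are refused in constant time with a single generic message. This is an added example, not Halo's code and not part of the original report; `SmtpTargetGuard`, `vet`, `isInternal` and the allowed port set are hypothetical names and assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;

/** Hypothetical guard for an SMTP "test connection" endpoint; not Halo's code. */
public final class SmtpTargetGuard {
    // Assumption: only the standard mail ports are legitimate targets.
    private static final Set<Integer> ALLOWED_PORTS = Set.of(25, 465, 587);

    /** Returns the vetted address to connect to, or throws if the target is refused. */
    public static InetAddress vet(String host, int port) throws UnknownHostException {
        if (!ALLOWED_PORTS.contains(port)) {
            throw new IllegalArgumentException("target refused");
        }
        // Check every resolved address, so a name with one public and one
        // internal record cannot slip through.
        InetAddress[] resolved = InetAddress.getAllByName(host);
        for (InetAddress addr : resolved) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("target refused");
            }
        }
        // Connect to this address, not to the host name, to avoid a second lookup.
        return resolved[0];
    }

    static boolean isInternal(InetAddress addr) {
        byte[] b = addr.getAddress();
        // fc00::/7 (IPv6 unique local) is not covered by isSiteLocalAddress().
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc;
        return addr.isLoopbackAddress() || addr.isAnyLocalAddress()
            || addr.isSiteLocalAddress() || addr.isLinkLocalAddress()
            || addr.isMulticastAddress() || uniqueLocalV6;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; literal IPs need no DNS, so this runs offline.
        String[][] samples = {{"127.0.0.1", "587"}, {"10.0.0.5", "25"},
            {"192.168.1.10", "465"}, {"169.254.169.254", "25"}, {"fd00::1", "587"},
            {"203.0.113.10", "6379"}, {"203.0.113.10", "587"}};
        for (String[] s : samples) {
            try {
                InetAddress ok = vet(s[0], Integer.parseInt(s[1]));
                System.out.println(s[0] + ":" + s[1] + " -> allowed " + ok.getHostAddress());
            } catch (IllegalArgumentException e) {
                System.out.println(s[0] + ":" + s[1] + " -> " + e.getMessage());
            }
        }
    }
}
```

A deployment that relays through an internal mail server would need an explicit allowlist entry for that relay rather than a relaxed check.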

@Jayway007 Jayway007 added the kind/support Categorizes issue or PR as a support question. label Apr 29, 2020
@ruibaby ruibaby closed this as completed Jul 17, 2020
JohnNiang pushed a commit to JohnNiang/halo that referenced this issue Mar 2, 2023
…alo-dev#806)

#### What type of PR is this?

/kind bug

#### What this PR does / why we need it:

Fixes the problem where the `content.halo.run/preferred-editor` metadata was not set on a post when editing an old post.

#### Which issue(s) this PR fixes:

Ref halo-dev#3080

#### Special notes for your reviewer:

How to test:

1. Switch to this PR with old data present.
2. Edit an old post and save it.
3. Open the post settings and check whether the metadata contains `content.halo.run/preferred-editor`.

#### Does this PR introduce a user-facing change?


```release-note
None
```