Version: 3.6.3 (latest)
The /jmreport/download/image endpoint has an SSRF vulnerability; an attacker can use it to make the server send requests to any domain of the attacker's choosing.
No login or token is required here, so the SSRF is unauthenticated.
When the requested path does not exist, the controllable parameter is passed into the e.a method.
Following it further, it ends up in org.springframework.web.client.RestTemplate#doExecute.
A restriction is applied to the incoming parameter here; it can be bypassed with ?a.png to achieve SSRF.
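Added example (not code from the reporter, nor from JimuReport/JeecgBoot): the Python below contrasts a suffix check of the kind the report describes, which only looks at the tail of the raw string and is therefore satisfied by appending `?a.png`, with a check that parses the URL first and validates scheme, host, path suffix and the resolved address separately. The function names, the suffix list, the host allowlist and the sample URLs are assumptions; the project's real check is not shown on this page, and the resolver is injectable so the block runs offline.

```python
"""Illustrative SSRF suffix-check comparison (example code, not the project's own)."""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Hypothetical image-suffix list; the page does not give the real one.
ALLOWED_SUFFIXES = (".png", ".jpg", ".jpeg", ".gif")


def naive_image_check(url: str) -> bool:
    """Weak check of the kind the report implies: only the tail of the raw
    string is inspected, so "?a.png" appended to any URL passes."""
    return url.lower().endswith(ALLOWED_SUFFIXES)


def is_public_ip(ip_text: str) -> bool:
    """True only for globally routable unicast addresses. Loopback, RFC 1918,
    link-local (e.g. the 169.254.169.254 cloud metadata address), multicast,
    reserved and unspecified ranges are all rejected."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def hardened_image_check(url: str, allowed_hosts: Iterable[str],
                         resolve: Callable[[str], str] = socket.gethostbyname) -> bool:
    """Parse first, then validate each component on its own:
    - scheme must be http/https (no file:, gopher:, ...);
    - host must be on an explicit allowlist;
    - the image suffix is checked on the *path*, so query and fragment
      cannot be used to smuggle it in;
    - the host must resolve to a public address."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower()
    if host not in {h.lower() for h in allowed_hosts}:
        return False
    if not parts.path.lower().endswith(ALLOWED_SUFFIXES):
        return False
    try:
        addr = resolve(host)
    except OSError:
        return False
    # Caveat: resolving here and fetching later leaves a DNS-rebinding window;
    # the real fetch should connect to this pinned address, not re-resolve.
    return is_public_ip(addr)


if __name__ == "__main__":
    # Constructed sample inputs; "8.8.8.8" stands in for a public resolution.
    fake_resolve = lambda host: "8.8.8.8"
    bypass = "http://169.254.169.254/latest/meta-data/?a.png"
    legit = "https://img.example.com/logo.png"
    print("naive   :", naive_image_check(bypass), naive_image_check(legit))
    print("hardened:",
          hardened_image_check(bypass, ["img.example.com"], fake_resolve),
          hardened_image_check(legit, ["img.example.com"], fake_resolve))
```

The host allowlist is what actually closes the hole; the path-suffix and public-address checks are defence in depth, since an attacker-controlled public host can always serve a file that really is named `x.png`.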
cr
Is there any follow-up on this?
This is a JimuReport issue; it will be fixed in the next version.
I found this one too; CNVD treated it as a junk vulnerability and threw it in the bin.