This repository has been archived by the owner on Mar 2, 2019. It is now read-only.

SSRF Vulnerability in /remotedownload.php #20

Open
viccon opened this issue May 9, 2017 · 0 comments


viccon commented May 9, 2017

/remotedownload.php

$file = @file_get_contents($_POST['file']);
$header = @get_headers($_POST['file'], 1);
if ($file !== false && stripos($header[0], '200') !== false) {

Obviously, $_POST['file'] could be within the intranet IP range, e.g. file=http%3A%2F%2F192.168.1.1%2Fvulnerable-router.php, thus exposing a great attack surface.

s3131212 added a commit that referenced this issue Oct 4, 2017
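For reference, this is one hardened replacement for the `file_get_contents($_POST['file'])` pattern quoted above. It is an added example written for this issue, not the project's own fix or the commit linked here. The function names `ssrf_check` and `fetch_remote`, the port allow-list and the usage lines at the bottom are assumptions for illustration.

```php
<?php
// Added example, not the project's code: hardened replacement for the
// file_get_contents($_POST['file']) + get_headers() pattern in /remotedownload.php.
// Function names, the port allow-list and the policy choices are assumptions.

/**
 * Validate a user-supplied URL for server-side fetching.
 * Returns [$url_with_pinned_ip, $original_host], or null if it must be refused.
 */
function ssrf_check(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    // Only http(s). file_get_contents also understands file://, php://, ftp://,
    // glob:// and so on, any of which is worse than a network-only SSRF.
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    // No embedded credentials, no non-standard ports (blocks 192.168.1.1:8080-style scans).
    if (isset($p['user']) || isset($p['pass'])) {
        return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if ($port !== 80 && $port !== 443) {
        return null;
    }
    $host = trim($p['host'], '[]');

    // Resolve the host ourselves. A literal IP is checked directly; a DNS name can
    // point at 127.0.0.1, 169.254.169.254 or 192.168.x.x just as easily, and numeric
    // forms such as "2130706433" come back from the resolver as 127.0.0.1.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addrs = [$host];
    } else {
        $addrs   = [];
        $records = dns_get_record($host, DNS_A | DNS_AAAA) ?: [];
        foreach ($records as $rr) {
            if (isset($rr['ip'])) {
                $addrs[] = $rr['ip'];
            } elseif (isset($rr['ipv6'])) {
                $addrs[] = $rr['ipv6'];
            }
        }
    }
    if ($addrs === []) {
        return null;
    }
    foreach ($addrs as $ip) {
        // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7.
        // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10.
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return null;
        }
    }
    // Pin the connection to the address just vetted, so a DNS rebind between the
    // check and the fetch cannot swap in an internal address.
    $ip     = $addrs[0];
    $iphost = strpos($ip, ':') !== false ? "[$ip]" : $ip;
    $pinned = "$scheme://$iphost:$port" . ($p['path'] ?? '/')
            . (isset($p['query']) ? '?' . $p['query'] : '');
    return [$pinned, $host];
}

/**
 * Fetch a user-supplied URL once, with redirects disabled and the status checked
 * on the same response. The original code fetched twice (file_get_contents and
 * get_headers), which doubles the SSRF and races against itself.
 */
function fetch_remote(string $url): ?string
{
    $checked = ssrf_check($url);
    if ($checked === null) {
        return null;
    }
    [$pinned, $host] = $checked;
    $ctx = stream_context_create([
        'http' => [
            'method'          => 'GET',
            'header'          => "Host: $host\r\n", // virtual hosting still works on the pinned IP
            'follow_location' => 0,                 // a 302 to http://127.0.0.1/ would bypass the check
            'timeout'         => 10,
            'ignore_errors'   => true,              // return the body on 4xx/5xx so we can see the status
        ],
        'ssl' => [
            'peer_name'   => $host,                 // SNI and certificate name check against the real host
            'verify_peer' => true,
        ],
    ]);
    $body = file_get_contents($pinned, false, $ctx);
    if ($body === false || !isset($http_response_header[0])) {
        return null;
    }
    if (!preg_match('#^HTTP/\S+ 200\b#', $http_response_header[0])) {
        return null;
    }
    return $body;
}

// Constructed usage for remotedownload.php (assumed, not the project's code):
// $file = fetch_remote($_POST['file'] ?? '');
// if ($file === null) { http_response_code(400); exit('refused'); }
```

Two caveats worth knowing before copying this. The filter_var range flags do not cover everything a deny-list would want (100.64.0.0/10, multicast, or whatever else sits on the internal network), so an allow-list of permitted hosts is the stronger option whenever the feature can tolerate one. And pinning the IP only closes the rebinding window for the first hop; a redirect is refused outright here because re-validating each hop is the only safe way to follow one.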