| Title | HaoKeKeJi YiQiNiu ≤3.1 Pre-authentication Server Side Request Forgery |
|---|---|
| Description | A pre-authentication Server Side Request Forgery (SSRF) vulnerability has been identified in the YiQiNiu System, specifically in the /application/pay/controller/Api.php file, affecting versions up to and including v1.5.3. The flaw arises from the 'http_post' action, where an unchecked 'url' parameter is passed to a curl function. This vulnerability allows an attacker to read local files and send raw TCP packets, potentially enabling unauthorized access to and data transmission within the internal network. |
| Source | https://note.zhaoj.in/share/gBtNhBb39u9u |
| User | glzjin (UID 59815) |
| Submission | 12/01/2024 03:48 PM (2 years ago) |
| Moderation | 12/01/2024 08:18 PM (5 hours later) |
| Status | Approved |
| VulDB Entry | 250652 [HaoKeKeJi YiQiNiu up to 3.1 Api.php http_post url privilege bypass] |
| Points | 20 |