| عنوان | 60IndexPage 60IndexPage ≤v1.8.5 SSRF |
|---|
| الوصف | The file /apply/index.php in the 60IndexPage System software version ≤v1.8.5, hosted at https://hao.lylme.com/, has been identified to contain a Pre-Authentication Blind Server Side Request Forgery (SSRF) vulnerability. This issue arises as the 'url' parameter accepted by the file is directly passed to the cURL function without proper sanitization, and only a superficial check for image extension is performed using pathinfo. This vulnerability allows an attacker to send arbitrary requests from the server to an external or internal network, potentially enabling unauthorized access to sensitive data or services. The vulnerability was confirmed by sending a test request using the gopher protocol and successfully receiving the response on the attacker's server. |
|---|
| المصدر | ⚠️ https://note.zhaoj.in/share/iNSyaClT0hGi |
|---|
| المستخدم | glzjin (UID 59815) |
|---|
| ارسال | 19/01/2024 09:06 AM (2 سنوات منذ) |
|---|
| الاعتدال | 26/01/2024 01:44 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 252190 [60IndexPage حتى 1.8.5 Parameter /apply/index.php url تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|