إرسال #558377: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRFالمعلومات

عنوان	20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF
الوصف	Vulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF Details: POST /addCrawlSource: Adds a new crawl source without access control. POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage. Example SSRF PoC: curl -X POST "http://target-ip:port/testParse" -d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1" CWE: CWE-306, CWE-918
المصدر	⚠️ https://www.cnblogs.com/aibot/p/18827504
المستخدم	Anonymous User
ارسال	15/04/2025 03:10 PM (1 سنة منذ)
الاعتدال	27/04/2025 07:53 PM (12 days later)
الحالة	تمت الموافقة
إدخال VulDB	306371 [20120630 Novel-Plus حتى 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource توثيق ضعيف]
النقاط	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!