| عنوان | GitHub wblog 0.0.1 Server-Side Request Forgery |
|---|
| الوصف | The RestorePost function retrieves the user-controlled fileName parameter via c.PostForm("fileName") without any validation or sanitization. This parameter is directly concatenated with cfg.Qiniu.FileServer (which can be an empty string) to form fileUrl. When cfg.Qiniu.FileServer is empty, attackers can fully control fileUrl by crafting fileName (e.g., http://127.0.0.1:3306/), tricking the server into making unauthorized requests to arbitrary targets. |
|---|
| المصدر | ⚠️ https://github.com/on-theway/wblog/blob/main/README.md |
|---|
| المستخدم | OnTheWay (UID 88937) |
|---|
| ارسال | 12/08/2025 09:30 AM (9 أشهر منذ) |
|---|
| الاعتدال | 24/08/2025 04:28 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 321231 [wangsongyan wblog 0.0.1 backup.go RestorePost fileName تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|