| Title | SourceCodester Website Link Extractor 1.0 (or Latest) Server-Side Request Forgery (SSRF) |
|---|
| Description | A Server-Side Request Forgery (SSRF) vulnerability exists in the Website Link Extractor application by SourceCodester.
The application accepts a user-supplied URL and retrieves its content using the PHP function file_get_contents() without proper validation, filtering, or network restrictions.
An attacker can supply crafted URLs to access internal resources and services. The application allows requests to internal addresses such as:
http://127.0.0.1
http://localhost
http://[email protected]
Impact:
The vulnerability allows an attacker to access internal services, perform internal network enumeration, and potentially retrieve sensitive information depending on the server environment.
The vulnerability may allow access to internal services such as 127.0.0.1, internal admin panels, or cloud metadata endpoints (e.g., AWS x.x.x.x).
Full technical details and screenshots are available in the public advisory.
|
|---|
| Source | ⚠️ https://medium.com/@hemantrajbhati5555/ssrf-vulnerability-in-sourcecodester-website-link-extractor-v1-0-5df6bb708f5e |
|---|
| User | Hemant Raj Bhati (UID 95613) |
|---|
| Submission | 15/02/2026 08:54 PM (2 months ago) |
|---|
| Moderation | 24/02/2026 10:54 PM (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347670 [SourceCodester Website Link Extractor 1.0 URL file_get_contents privilege escalation] |
|---|
| Points | 20 |
|---|
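
A hardened replacement for the unvalidated `file_get_contents()` fetch described above, as an added example (not the application's code or the advisory author's). It restricts the scheme, rejects `user@host` URLs, refuses loopback, private and link-local targets, and pins the vetted IP for the request. The function names are hypothetical and the curl extension is assumed.

```php
<?php
// Added example; function names are hypothetical. Requires the curl extension.
function is_public_ip(string $ip): bool
{
    // Rejects private (10/8, 172.16/12, 192.168/16) and reserved (127/8, 169.254/16, ::1, ...) ranges.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns [host, port, vetted IP, is IP literal]; throws if the URL must not be fetched.
function resolve_safe_target(string $url): array
{
    $p = parse_url($url);
    $scheme = is_array($p) ? strtolower($p['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($p['host'])) {
        throw new InvalidArgumentException('only absolute http(s) URLs are allowed');
    }
    if (isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('userinfo (user@host) is not allowed');
    }
    $host = trim($p['host'], '[]');                 // parse_url keeps IPv6 brackets
    $literal = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $ips = $literal ? [$host] : (gethostbynamel($host) ?: []);   // A records only
    if ($ips === []) {
        throw new RuntimeException('host does not resolve');
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            throw new RuntimeException("refusing internal address $ip");
        }
    }
    return [$host, $p['port'] ?? ($scheme === 'https' ? 443 : 80), $ips[0], $literal];
}

function fetch_external(string $url): string
{
    [$host, $port, $ip, $literal] = resolve_safe_target($url);
    $opts = [CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5,
        CURLOPT_FOLLOWLOCATION => false,            // a redirect would skip the checks above
        CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS];
    if (!$literal) {
        $opts[CURLOPT_RESOLVE] = ["$host:$port:$ip"];   // pin the vetted IP against DNS rebinding
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) throw new RuntimeException('fetch failed: ' . curl_error($ch));
    return $body;
}
```

Hosts that resolve only over IPv6 are rejected here because `gethostbynamel()` returns A records only. An egress firewall rule on the web server remains the stronger control, since it also covers any code path that bypasses this helper.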