| Field | Value |
|---|---|
| Title | Woahai321 list-sync <=0.6.6 SSRF |
| Description | The POST /api/notifications/test endpoint accepts a user-supplied webhook_url in the request body and passes it directly to requests.post() (or DiscordWebhook) without any URL validation or allowlist check. An attacker sends a crafted JSON payload whose webhook_url points to an attacker-controlled server, and the application issues an outbound HTTP request to that URL; this was confirmed by DNS callback hits originating from the server's IP. The SSRF can be used for internal network scanning, cloud metadata exfiltration (e.g. AWS IMDSv1) or port probing. |
| Source | ⚠️ https://github.com/Woahai321/list-sync/issues/79 |
| User | ZAST.AI (UID 87884) |
| Submission | 26/02/2026 09:05 AM (3 months ago) |
| Moderation | 11/03/2026 01:36 PM (13 days later) |
| Status | Approved |
| VulDB Entry | 350388 [Woahai321 ListSync up to 0.6.6 JSON api_server.py requests.post permission bypass] |
| Points | 20 |
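The pattern the description reports, shown as an added example that is not code from list-sync or from the submitter: a handler that hands the request body's webhook_url straight to the HTTP client, beside a hardened handler that allowlists the webhook host, requires https, and refuses any URL whose host resolves to a loopback, private, link-local (including 169.254.169.254) or otherwise non-public address. The function names, the allowlist contents, the `fake_send` stand-in for requests.post() and the injectable resolver are assumptions for illustration; nothing here is taken from api_server.py.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional
from urllib.parse import urlparse

# Assumed allowlist for illustration; a deployment would load it from config.
ALLOWED_WEBHOOK_HOSTS = frozenset({"discord.com", "discordapp.com"})


def default_resolver(host: str, port: int) -> List[str]:
    """Every address the OS would connect to for host (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    # IPv6 scoped literals look like 'fe80::1%eth0'; drop the zone id.
    return sorted({info[4][0].split("%", 1)[0] for info in infos})


def is_blocked_address(addr: str) -> bool:
    """True for loopback, private, link-local (covers the 169.254.169.254
    metadata endpoint), multicast, reserved and unspecified addresses, and
    for anything that is not a valid IP at all."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def webhook_url_rejection(url: str,
                          allowed_hosts: Iterable[str] = ALLOWED_WEBHOOK_HOSTS,
                          resolver: Callable[[str, int], List[str]] = default_resolver,
                          ) -> Optional[str]:
    """Return why url must not be fetched, or None if it passes every check.

    Cheap syntactic checks run first and the DNS lookup last; the lookup
    result is checked too, so an allowlisted name that resolves to an
    internal address (bad zone data, DNS rebinding) is still refused.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname  # userinfo tricks like https://discord.com@10.0.0.1/ land here as 10.0.0.1
    if not host:
        return "missing host"
    if host.lower() not in {h.lower() for h in allowed_hosts}:
        return f"host not on allowlist: {host!r}"
    try:
        addrs = resolver(host, parsed.port or 443)  # parsed.port raises ValueError on junk ports
    except (socket.gaierror, ValueError) as exc:
        return f"cannot resolve {host!r}: {exc}"
    if not addrs:
        return f"no address for {host!r}"
    for addr in addrs:
        if is_blocked_address(addr):
            return f"{host!r} resolves to non-public address {addr}"
    return None


def handle_test_notification_vulnerable(body: dict, send: Callable[[str], str]) -> str:
    """The reported pattern: webhook_url from the request body goes straight
    to the HTTP client (send stands in for requests.post / DiscordWebhook)."""
    return send(body["webhook_url"])


def handle_test_notification_hardened(body: dict, send: Callable[[str], str],
                                      resolver: Callable[[str, int], List[str]] = default_resolver) -> str:
    """Same handler with the validation gate in front of the outbound call."""
    url = body.get("webhook_url", "")
    if not isinstance(url, str):
        raise ValueError("webhook_url must be a string")
    reason = webhook_url_rejection(url, resolver=resolver)
    if reason is not None:
        raise ValueError(f"webhook_url rejected: {reason}")
    # With the real client also pass allow_redirects=False: an allowlisted
    # host could still 302 to an internal address.
    return send(url)


def fake_send(url: str) -> str:
    """Stand-in for requests.post() that records the target instead of connecting."""
    return f"POST {url}"


def fake_resolver(host: str, port: int) -> List[str]:
    """Constructed DNS answers so the example runs offline; the 127.0.0.1 entry
    models a rebinding/misconfiguration case for an allowlisted name."""
    return {"discord.com": ["162.159.135.232"],
            "discordapp.com": ["127.0.0.1"]}.get(host, [])


if __name__ == "__main__":
    metadata = {"webhook_url": "http://169.254.169.254/latest/meta-data/"}
    print(handle_test_notification_vulnerable(metadata, fake_send))  # request goes out
    for body in (metadata,
                 {"webhook_url": "https://discord.com/api/webhooks/1/x"},
                 {"webhook_url": "https://discordapp.com/api/webhooks/1/x"}):
        try:
            print(handle_test_notification_hardened(body, fake_send, resolver=fake_resolver))
        except ValueError as exc:
            print(exc)
```

Two caveats a practitioner should keep in mind when porting this gate to a real handler: the resolve-then-connect sequence is still a time-of-check/time-of-use window against DNS rebinding, which only a client that pins the connection to the already-validated address fully closes, and redirects must be disabled or re-validated hop by hop, since `requests` follows them by default.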