| Title | moxi159753 mogu_blog_v2 <=v5.2 Server-Side Request Forgery (SSRF) |
|---|---|
| Description | mogu_blog_v2, a microservice-based blog system, contains an unauthenticated Server-Side Request Forgery (SSRF) and arbitrary file read vulnerability in the /file/uploadPicsByUrl endpoint. The Spring Security configuration allows public access to /file/** endpoints, and the uploadPictureByUrl method accepts arbitrary userUid/adminUid values without database validation. Attackers can inject systemConfig parameters and supply malicious URLs (including file:// URIs) in the urlList parameter. The application fetches the content via URLConnection.getInputStream() without protocol or host restrictions, saves it to a publicly accessible directory, and returns the URL in the response. This allows unauthenticated attackers to read arbitrary local files (e.g., /etc/passwd, configuration files, private keys), access internal network services, and retrieve cloud provider metadata, leading to complete system compromise. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-ssrf-1/report.md |
| User | sh7err04 (UID 92493) |
| Submission | 10.11.2025 14:32 (7 months ago) |
| Moderation | 30.11.2025 20:51 (20 days later) |
| Status | Accepted |
| VulDB Entry | 333823 [moxi159753 Mogu Blog v2 up to 5.2 /file/uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl privilege escalation] |
| Points | 20 |
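The description above names the two missing controls that turn a fetch-picture-by-URL feature into SSRF plus file read: no scheme restriction and no host restriction before `URLConnection.getInputStream()`. The Java class below is an added example of a pre-fetch check, not code from mogu_blog_v2 (the class and method names `RemoteUrlPolicy` and `rejectReason` are hypothetical); it rejects every scheme other than http/https and any host that resolves to loopback, link-local (which includes the 169.254.169.254 metadata address), RFC 1918, CGNAT or IPv6 ULA space.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

/** Hypothetical pre-fetch policy for a "download picture by URL" feature (added example). */
public final class RemoteUrlPolicy {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /** Returns null if the URL may be fetched, otherwise the reason it is rejected. */
    public static String rejectReason(String raw) {
        final URI uri;
        try { uri = new URI(raw); } catch (URISyntaxException e) { return "malformed URL"; }
        String scheme = uri.getScheme();
        // Rejects file:, jar:, ftp: and every other scheme URLConnection would open.
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            return "scheme not allowed: " + scheme;
        }
        String host = uri.getHost();
        if (host == null || host.isEmpty()) {
            return "missing host";
        }
        if (uri.getUserInfo() != null) {
            return "credentials in URL not allowed";
        }
        final InetAddress[] addrs;
        try { addrs = InetAddress.getAllByName(host); } catch (UnknownHostException e) { return "unresolvable host"; }
        // Every address the name resolves to must be external, not just the first one.
        for (InetAddress a : addrs) {
            if (isInternal(a)) {
                return "host resolves to internal address " + a.getHostAddress();
            }
        }
        return null;
    }

    /** Loopback, link-local (incl. 169.254.169.254), RFC 1918, CGNAT 100.64/10, IPv6 ULA fc00::/7, multicast. */
    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean cgnat = b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 64;
        boolean ula = b.length == 16 && (b[0] & 0xfe) == 0xfc;
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || cgnat || ula;
    }
}
```

Connect to the address that was validated rather than resolving the name a second time, and disable automatic redirects (`HttpURLConnection.setInstanceFollowRedirects(false)`) so each redirect target passes through the same check; otherwise DNS rebinding or a redirect to an internal address bypasses the policy. This check complements, and does not replace, requiring authentication on the endpoint and validating the user identifiers it accepts.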