Enviar #558377: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRFinformación

Título20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF
DescripciónVulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF Details: POST /addCrawlSource: Adds a new crawl source without access control. POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage. Example SSRF PoC: curl -X POST "http://target-ip:port/testParse" -d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1" CWE: CWE-306, CWE-918
Fuente⚠️ https://www.cnblogs.com/aibot/p/18827504
Usuario
 Anonymous User
Sumisión2025-04-15 15:10 (hace 1 Año)
Moderación2025-04-27 19:53 (12 days later)
EstadoAceptado
Entrada de VulDB306371 [20120630 Novel-Plus hasta 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!