| Título | AstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918) |
|---|
| Descripción | # Technical Details
An authenticated SSRF exists in the plugin market registry flow implemented by `get_online_plugins()`, `_build_registry_source()`, and `_fetch_remote_md5()` in `astrbot/dashboard/routes/plugin.py` of AstrBot.
The application fails to validate attacker-supplied registry URLs before issuing server-side requests. The `custom_registry` query parameter is used directly as a fetch target and also used to derive a second `-md5.json` request. There is no allowlist, private-network filtering, scheme restriction, or redirect validation.
# Vulnerable Code
File: `astrbot/dashboard/routes/plugin.py`
Method: `get_online_plugins()`
Why: The handler reads `custom_registry` from the request, passes it into `_build_registry_source()`, and performs `session.get(url)` on the resulting attacker-controlled URL. `_fetch_remote_md5()` makes a second request to a derived attacker-influenced MD5 URL, creating an additional SSRF sink.
# Reproduction
1. Start a reachable HTTP listener that serves `/market-custom.json` and `/market-custom-md5.json`.
2. Authenticate to the AstrBot dashboard.
3. Send `GET /api/plugin/market_list?custom_registry=http://127.0.0.1:19001/market-custom.json&force_refresh=true`.
4. Observe the AstrBot server contacting the listener for both `/market-custom.json` and `/market-custom-md5.json`.
5. Repeat without `custom_registry` and confirm the observer receives no callbacks.
# Impact
- Authenticated users can force AstrBot to make requests to loopback, RFC1918, or otherwise internal HTTP services reachable from the host.
- The issue can be used for internal network probing, metadata access attempts, and interaction with internal-only management interfaces. |
|---|
| Fuente | ⚠️ https://gist.github.com/YLChen-007/cd162554554c273a3a7c0330aa02f3f0 |
|---|
| Usuario | Eric-a (UID 96353) |
|---|
| Sumisión | 2026-06-01 10:19 (hace 1 mes) |
|---|
| Moderación | 2026-07-11 14:42 (1 month later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 377807 [AstrBotDevs AstrBot hasta 4.25.2 market_list Endpoint plugin.py get_online_plugins custom_registry escalada de privilegios] |
|---|
| Puntos | 20 |
|---|