| Titre | AstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918) |
|---|
| Description | # Technical Details
An authenticated SSRF exists in the plugin market registry flow implemented by `get_online_plugins()`, `_build_registry_source()`, and `_fetch_remote_md5()` in `astrbot/dashboard/routes/plugin.py` of AstrBot.
The application fails to validate attacker-supplied registry URLs before issuing server-side requests. The `custom_registry` query parameter is used directly as a fetch target and also used to derive a second `-md5.json` request. There is no allowlist, private-network filtering, scheme restriction, or redirect validation.
# Vulnerable Code
File: `astrbot/dashboard/routes/plugin.py`
Method: `get_online_plugins()`
Why: The handler reads `custom_registry` from the request, passes it into `_build_registry_source()`, and performs `session.get(url)` on the resulting attacker-controlled URL. `_fetch_remote_md5()` makes a second request to a derived attacker-influenced MD5 URL, creating an additional SSRF sink.
# Reproduction
1. Start a reachable HTTP listener that serves `/market-custom.json` and `/market-custom-md5.json`.
2. Authenticate to the AstrBot dashboard.
3. Send `GET /api/plugin/market_list?custom_registry=http://127.0.0.1:19001/market-custom.json&force_refresh=true`.
4. Observe the AstrBot server contacting the listener for both `/market-custom.json` and `/market-custom-md5.json`.
5. Repeat without `custom_registry` and confirm the observer receives no callbacks.
# Impact
- Authenticated users can force AstrBot to make requests to loopback, RFC1918, or otherwise internal HTTP services reachable from the host.
- The issue can be used for internal network probing, metadata access attempts, and interaction with internal-only management interfaces. |
|---|
| La source | ⚠️ https://gist.github.com/YLChen-007/cd162554554c273a3a7c0330aa02f3f0 |
|---|
| Utilisateur | Eric-a (UID 96353) |
|---|
| Soumission | 01/06/2026 10:19 (il y a 1 mois) |
|---|
| Modérer | 11/07/2026 14:42 (1 month later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 377807 [AstrBotDevs AstrBot jusqu’à 4.25.2 market_list Endpoint plugin.py get_online_plugins custom_registry élévation de privilèges] |
|---|
| Points | 20 |
|---|