| शीर्षक | lKinderBueno Streamity Xtream IPTV Web player 2.8 Server-Side Request Forgery |
|---|
| विवरण | A high-severity Server-Side Request Forgery (SSRF) vulnerability exists in Streamity's proxy.php where the application accepts a url parameter, validates it only with filter_var(..., FILTER_VALIDATE_URL), and then issues outbound requests using file_get_contents() (and forwards POST bodies) without any host/IP allowlist, private-range checks, or redirect/IP resolution validation. An attacker able to control the url parameter can force the server to make arbitrary HTTP requests to internal or external hosts, including cloud metadata endpoints, internal admin interfaces, or localhost services. |
|---|
| स्रोत | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Streamity.md |
|---|
| उपयोगकर्ता | lakshay12311 (UID 91298) |
|---|
| सबमिशन | 02/11/2025 01:50 PM (6 महीनों पहले) |
|---|
| संयम | 23/11/2025 03:30 PM (21 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 333352 [lKinderBueno Streamity Xtream IPTV Player तक 2.8 public/proxy.php अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|