# github.com/yangjian102621 GeekAI v4.2.3 Server-Side Request Forgery
## Vulnerability Description

The `/api/download` endpoint takes a URL from the `url` query parameter and performs no validation on it. The endpoint requires no authentication, passes the value straight to `http.Get()`, and streams the response body back to the caller, so any unauthenticated client can make the server fetch an arbitrary URL, including addresses reachable only from the server's own network, and read the result. This is a textbook **Server-Side Request Forgery (SSRF)** vulnerability.

## Tested Version

v4.2.3

## Critical Code Location

File: `api/handler/net_handler.go`
Lines: 139-162
```go
func (h *NetHandler) Download(c *gin.Context) {
	fileUrl := c.Query("url") // ⚠️ Source point: user input, no validation
	if fileUrl == "" {
		resp.ERROR(c, types.InvalidArgs)
		return
	}
	// ❌ No URL validation!
	r, err := http.Get(fileUrl) // ⚠️ Sink point: the request is issued directly
	if err != nil {
		resp.ERROR(c, err.Error())
		return
	}
	defer r.Body.Close()
	if r.StatusCode != http.StatusOK {
		resp.ERROR(c, "error status:"+r.Status)
		return
	}
	c.Status(http.StatusOK)
	_, _ = io.Copy(c.Writer, r.Body) // Return the downloaded content
}
```
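The validation missing from `Download` above, as an added example that is not GeekAI's code; it assumes the handler would call `newDownloadClient().Get(fileUrl)` in place of `http.Get(fileUrl)`. It goes a step beyond a one-time URL check by enforcing the address policy inside the dialer, so a DNS answer that changes between check and connect, or a redirect to an internal host, is refused too.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// Addresses the download endpoint must never reach: loopback, RFC 1918/ULA, link-local
// (which covers the 169.254.169.254 cloud metadata service), multicast and unspecified.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// resolveChecked: an IP literal resolves to itself (no DNS); any disallowed answer rejects the host.
func resolveChecked(ctx context.Context, host string) (net.IP, error) {
	addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil || len(addrs) == 0 {
		return nil, fmt.Errorf("cannot resolve %q: %v", host, err)
	}
	for _, a := range addrs {
		if isDisallowedIP(a.IP) {
			return nil, fmt.Errorf("host %q resolves to disallowed address %s", host, a.IP)
		}
	}
	return addrs[0].IP, nil
}

// newDownloadClient enforces the check at dial time, on the address actually connected to.
// Redirect targets go through the same dialer, so a 3xx to an internal host is refused as well.
func newDownloadClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second}
	dial := func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err == nil {
			var ip net.IP
			if ip, err = resolveChecked(ctx, host); err == nil {
				return d.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
			}
		}
		return nil, err
	}
	return &http.Client{
		Timeout:   30 * time.Second,
		Transport: &http.Transport{DialContext: dial},
	}
}
```

Hostnames such as `localhost` are covered by the same path, since whatever they resolve to is checked before the socket is opened.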

| Field | Value |
|---|---|
| Source | https://github.com/yangjian102621/geekai/issues/256 |
| User | r00tuser (UID 88975) |
| Submission | 03/02/2026 04:44 AM (3 months ago) |
| Moderation | 15/02/2026 06:48 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 346166 [GeekAI up to 4.2.4 net_handler.go Download url privilege escalation] |
| Points | 20 |