| शीर्षक | Kodbox 1.64 Server |
|---|
| विवरण | The explorer/editor/fileGet endpoint in kodbox accepts a path parameter and, if it is a URL, uses PathDriverUrl to fetch the resource server-side, returning the body in data.content. The only guard, request_url_safe(), does not block internal/private addresses and allows HTTP(S)/FTP. Thus, any authenticated user can set path to an arbitrary URL, causing the kodbox server to issue requests to internal services and return their responses, enabling a powerful SSRF with full response exfiltration.
To mitigate this, kodbox should stop accepting arbitrary URLs as path in fileGet, or—if remote reads are necessary—enforce strict domain allowlisting, robust IP/netblock restrictions, scheme/port limits, safe redirect handling, and thorough logging and access control for all remote fetch operations. |
|---|
| स्रोत | ⚠️ https://vulnplus-note.wetolink.com/share/UTZQq38f9VyI |
|---|
| उपयोगकर्ता | vulnplusbot (UID 96250) |
|---|
| सबमिशन | 09/03/2026 04:22 AM (1 महीना पहले) |
|---|
| संयम | 22/03/2026 12:40 PM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 352425 [kalcaddle kodbox 1.64 fileGet Endpoint editor.class.php PathDriverUrl path अधिकार वृद्धि] |
|---|
| अंक | 18 |
|---|