Invia #558377: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRFinformazioni

Titolo20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF
DescrizioneVulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF Details: POST /addCrawlSource: Adds a new crawl source without access control. POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage. Example SSRF PoC: curl -X POST "http://target-ip:port/testParse" -d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1" CWE: CWE-306, CWE-918
Fonte⚠️ https://www.cnblogs.com/aibot/p/18827504
Utente
 Anonymous User
Sottomissione15/04/2025 15:10 (1 Anno fa)
Moderazione27/04/2025 19:53 (12 days later)
StatoAccettato
Voce VulDB306371 [20120630 Novel-Plus fino a 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource autenticazione debole]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!