| タイトル | 60IndexPage 60IndexPage ≤v1.8.5 SSRF |
|---|
| 説明 | The file /apply/index.php in the 60IndexPage System software version ≤v1.8.5, hosted at https://hao.lylme.com/, has been identified to contain a Pre-Authentication Blind Server Side Request Forgery (SSRF) vulnerability. This issue arises as the 'url' parameter accepted by the file is directly passed to the cURL function without proper sanitization, and only a superficial check for image extension is performed using pathinfo. This vulnerability allows an attacker to send arbitrary requests from the server to an external or internal network, potentially enabling unauthorized access to sensitive data or services. The vulnerability was confirmed by sending a test request using the gopher protocol and successfully receiving the response on the attacker's server. |
|---|
| ソース | ⚠️ https://note.zhaoj.in/share/iNSyaClT0hGi |
|---|
| ユーザー | glzjin (UID 59815) |
|---|
| 送信 | 2024年01月19日 09:06 (2 年 ago) |
|---|
| モデレーション | 2024年01月26日 13:44 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 252190 [60IndexPage 迄 1.8.5 Parameter /apply/index.php url 特権昇格] |
|---|
| ポイント | 20 |
|---|