| タイトル | QingdaoU OnlineJudge <=v1.6.1 Stored SSRF |
|---|
| 説明 | A stored Server-Side Request Forgery (SSRF) vulnerability exists in the Judge Server dispatcher of QingdaoU OnlineJudge. An attacker with access to a judge server token can submit a malicious service_url via the /api/admin/judge_server_heartbeat endpoint, which is then stored in the database. When the application subsequently processes judge tasks, it uses this unvalidated URL to construct and send internal HTTP requests. This allows the attacker to force the server to make arbitrary requests to internal network resources, potentially leading to metadata exfiltration, internal network scanning, or remote code execution.
|
|---|
| ソース | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/27 |
|---|
| ユーザー | Ana10gy (UID 93358) |
|---|
| 送信 | 2026年03月18日 10:10 (29 日 ago) |
|---|
| モデレーション | 2026年04月04日 08:44 (17 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355291 [QingdaoU OnlineJudge 迄 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url 特権昇格] |
|---|
| ポイント | 20 |
|---|