| Title | tpAdmin url parameter SSRF |
|---|---|
| Description | tpadmin is a ThinkPHP5.0 official version and Hui.admin v2.5 management background, simplify the management of the background development process, simplify the preparation of code, improve code reuse rate, while integrating complete permissions management and other commonly used functions in the management background.
There is an SSRF vulnerability in tpadmin(application\admin\controller\Upload.php), allowing attackers to scan and attack potential intranet servers, read arbitrary local files, etc.
Vulnerability point:
application\admin\controller\Upload.php
remote() function
$url parameter
The server initiates the request by submitting a URL as POST via the url parameter. No filtering in the program, resulting in a safety hazard.
The information system may be accessed using file:// or other protocols. |
| Source | https://tib36.github.io/2023/04/09/tpAdmin-SSRF/ |
| User | nokali (UID 42250) |
| Submitted | 2023-04-09 10:50 AM (3 years ago) |
| Moderation | 2023-04-10 05:50 PM (1 day later) |
| Status | Accepted |
| VulDB Entry | 225408 [yuan1994 tpAdmin 1.3.12 Upload.php remote url privilege escalation] |
| Points | 20 |
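
A defensive check for the missing filtering described above, as an added example that is not tpAdmin's code and not taken from the linked write-up. The helper names `is_public_ip()` and `is_fetchable_url()` are hypothetical, and the hosts `internal.example` and `cdn.example` with their addresses are constructed sample data.

```php
<?php
// Added example, not tpAdmin code: decide whether a user-supplied URL may be
// fetched server-side. Helper names are hypothetical.

function is_public_ip(string $ip): bool
{
    // Fails for private ranges (10/8, 172.16/12, 192.168/16, fc00::/7) and
    // reserved ranges (127/8, 169.254/16, 0/8, ::1, fe80::/10, ...).
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function is_fetchable_url(string $url, ?callable $resolver = null): bool
{
    // Default resolver returns IPv4 A records; a resolver may be injected.
    $resolver = $resolver ?? 'gethostbynamel';
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;                       // file:///etc/passwd has no host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                       // scheme allowlist, not a denylist
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                       // no credentials embedded in the URL
    }
    $host = trim($parts['host'], '[]');     // parse_url keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return is_public_ip($host);
    }
    $ips = $resolver($host);
    if (empty($ips)) {
        return false;                       // unresolvable: fail closed
    }
    foreach ($ips as $ip) {                 // every resolved address must be public
        if (!is_public_ip($ip)) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs; the stub resolver keeps the demo offline.
$stub = fn(string $h) => ['internal.example' => ['10.0.0.5'],
                          'cdn.example' => ['93.184.216.34']][$h] ?? false;
foreach (['file:///etc/passwd', 'http://127.0.0.1/', 'http://[::1]/',
          'http://internal.example/x', 'https://cdn.example/a.png'] as $u) {
    printf("%-28s %s\n", $u, is_fetchable_url($u, $stub) ? 'allow' : 'deny');
}
```

The check only covers the address seen at validation time. The fetch itself should connect to that same validated address (for example with cURL's `CURLOPT_RESOLVE`), keep `CURLOPT_FOLLOWLOCATION` off, and limit `CURLOPT_PROTOCOLS` to HTTP and HTTPS.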