Submission #266845: HaoKeKeJi YiQiNiu ≤3.1 Pre-authentication Server Side Request Forgery

Title: HaoKeKeJi YiQiNiu ≤3.1 Pre-authentication Server Side Request Forgery
Description: A pre-authentication Server Side Request Forgery (SSRF) vulnerability has been identified in the YiQiNiu System, specifically in the /application/pay/controller/Api.php file, affecting versions up to and including v1.5.3. The flaw arises from the 'http_post' action where an unchecked 'url' parameter can be passed to a curl function. This vulnerability allows an attacker to read local files and send raw TCP packets, potentially enabling unauthorized access to and data transmission within the internal network.
Source: ⚠️ https://note.zhaoj.in/share/gBtNhBb39u9u
User: glzjin (UID 59815)
Submitted: 2024-01-12 03:48 PM (2 years ago)
Moderation: 2024-01-12 08:18 PM (5 hours later)
Status: Accepted
VulDB Entry: 250652 [HaoKeKeJi YiQiNiu up to 3.1 Api.php http_post url privilege escalation]
Points: 20