| 제목 | 60IndexPage 60IndexPage ≤v1.8.5 SSRF |
|---|
| 설명 | The file /apply/index.php in the 60IndexPage System software version ≤v1.8.5, hosted at https://hao.lylme.com/, has been identified to contain a Pre-Authentication Blind Server Side Request Forgery (SSRF) vulnerability. This issue arises as the 'url' parameter accepted by the file is directly passed to the cURL function without proper sanitization, and only a superficial check for image extension is performed using pathinfo. This vulnerability allows an attacker to send arbitrary requests from the server to an external or internal network, potentially enabling unauthorized access to sensitive data or services. The vulnerability was confirmed by sending a test request using the gopher protocol and successfully receiving the response on the attacker's server. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/iNSyaClT0hGi |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 19. AM 09:06 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 26. PM 01:44 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 252190 [60IndexPage 까지 1.8.5 Parameter /apply/index.php url 권한 상승] |
|---|
| 포인트들 | 20 |
|---|