| 제목 | 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF |
|---|
| 설명 | Vulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3)
Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF
Details:
POST /addCrawlSource: Adds a new crawl source without access control.
POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage.
Example SSRF PoC:
curl -X POST "http://target-ip:port/testParse"
-d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1"
CWE: CWE-306, CWE-918 |
|---|
| 원천 | ⚠️ https://www.cnblogs.com/aibot/p/18827504 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 04. 15. PM 03:10 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 27. PM 07:53 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 306371 [20120630 Novel-Plus 까지 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource 약한 인증] |
|---|
| 포인트들 | 20 |
|---|