| 제목 | Woahai321 list-sync <=0.6.6 SSRF |
|---|
| 설명 | The POST /api/notifications/test endpoint accepts a user-supplied webhook_url in the request body and passes it directly to requests.post() (or DiscordWebhook) without any URL validation or allowlist check. An attacker sends a crafted JSON payload with webhook_url pointing to an attacker-controlled server. The application issues an outbound HTTP request to that URL, confirmed by DNS callback hits from the server's IP. This SSRF can be used for internal network scanning, cloud metadata exfiltration (e.g. AWS IMDSv1), or port probing.
|
|---|
| 원천 | ⚠️ https://github.com/Woahai321/list-sync/issues/79 |
|---|
| 사용자 | ZAST.AI (UID 87884) |
|---|
| 제출 | 2026. 02. 26. AM 09:05 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 11. PM 01:36 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 350388 [Woahai321 ListSync 까지 0.6.6 JSON api_server.py requests.post 권한 상승] |
|---|
| 포인트들 | 20 |
|---|