| Field | Value |
|---|---|
| Title | Kodbox 1.64 Server-Side Request Forgery |
| Description | The explorer/upload/serverDownload endpoint in kodbox accepts a user-controlled url and uses it to perform server-side HTTP requests, saving the response as a file. The intended protection (request_url_safe()) is weak: it allows http/https/ftp, does not block internal/private networks, and only includes a commented-out local IP filter. Consequently, any authenticated user with explorer.serverDownload permission can use the server as an SSRF pivot to access internal HTTP services and read their responses via the downloaded file. This can expose sensitive internal data or be chained with vulnerabilities on internal services for further compromise. Fixes should include strict URL allowlisting, robust IP and scheme validation, redirect and DNS-rebinding protections, and restricting this functionality to highly trusted users with full auditing. |
| Source | ⚠️ https://vulnplus-note.wetolink.com/share/9RdPLmTHohGH |
| User | vulnplusbot (UID 96250) |
| Submitted | 2026. 03. 09. AM 04:18 (2 months ago) |
| Moderation | 2026. 03. 22. PM 12:34 (13 days later) |
| Status | Duplicate |
| VulDB Entry | 321256 [kalcaddle kodbox 1.61 Download from Link serverDownload url privilege escalation] |
| Points | 0 |
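The description lists the controls a fixed serverDownload-style feature needs: a scheme allowlist, an optional host allowlist, an address check that covers every record a name resolves to, and a way to defeat DNS rebinding. The block below is an added example of such a pre-request validator; it is not kodbox's code and does not reproduce its request_url_safe() function. The resolver is injectable so the demo runs offline: DEMO_DNS and demo_resolver are constructed stand-ins, and 93.184.216.34 is simply used as an arbitrary public-looking address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web schemes; ftp (which the weak check described on the page allowed) is out.
ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to the set of all addresses it maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses.

    Loopback, RFC 1918, link-local (which includes 169.254.0.0/16), multicast,
    reserved and unspecified addresses are rejected, and IPv4-mapped IPv6
    forms are unwrapped first so '::ffff:127.0.0.1' cannot pass as "IPv6".
    """
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
        or not ip.is_global
    )


def validate_download_url(url, resolver=default_resolver, host_allowlist=None):
    """Validate a server-download URL before any request is made.

    Returns (ok, reason, pinned_ip). When ok is True, pinned_ip is the one
    address the caller should connect to. Every address the host resolves to
    is checked, so a name that returns one public and one internal record is
    refused outright instead of being raced.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed", None
    if host_allowlist is not None and host.lower() not in host_allowlist:
        return False, "host not in allowlist", None

    # IP literals skip DNS but still go through the same address policy.
    try:
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"dns failure: {exc}", None
    if not addrs:
        return False, "host resolved to nothing", None
    for addr in sorted(addrs):
        if not is_public_ip(addr):
            return False, f"host resolves to non-public address {addr}", None
    return True, "ok", sorted(addrs)[0]


# Constructed resolver table for the offline demonstration; no real DNS is consulted.
DEMO_DNS = {
    "files.example.com": {"93.184.216.34"},
    "rebind.example.com": {"93.184.216.34", "10.0.0.5"},  # one public, one internal record
    "localtest.example.com": {"127.0.0.1"},
}


def demo_resolver(host):
    """Stand-in for default_resolver backed by the constructed DEMO_DNS table."""
    try:
        return DEMO_DNS[host.lower()]
    except KeyError:
        raise socket.gaierror(f"constructed resolver has no record for {host}")


if __name__ == "__main__":
    for candidate in [
        "https://files.example.com/report.pdf",
        "ftp://files.example.com/report.pdf",
        "http://127.0.0.1:8080/",
        "http://rebind.example.com/",
    ]:
        print(candidate, validate_download_url(candidate, resolver=demo_resolver))
```

The validator is a snapshot, so the caller must act on it rather than re-resolving: open the connection to pinned_ip while sending the original hostname in the Host header and TLS SNI, disable automatic redirects and run validate_download_url again on every Location value, and log the returned reason for the audit trail the description asks for. Combined with a host_allowlist and a narrow permission grant, this covers each of the fixes the submission recommends.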