Submit #262599: Youke365 Youke365 ≤v1.5.3 SSRF

Title: Youke365 Youke365 ≤v1.5.3 SSRF
Description: The Youke365 software, in versions up to and including 1.5.3, contains a blind Server-Side Request Forgery (SSRF) vulnerability within the /app/api/controller/caiji.php file. This vulnerability allows an attacker to manipulate the url parameter to send data to or make requests to the internal network. The issue arises because the input url parameter is directly used in constructing cURL requests without proper sanitization, particularly when using the gopher protocol, which can facilitate communication with the attacker's server, demonstrating the potential for unauthorized access to the internal system from an external network.
Source: ⚠️ https://note.zhaoj.in/share/fssH60eQkvSl
User: glzjin (UID 59815)
Submission: 05/01/2024 03:20 (2 years ago)
Moderation: 07/01/2024 21:00 (3 days later)
Status: Accepted
VulDB Entry: 249870 [Youke365 up to 1.5.3 Parameter caiji.php url Privilege Escalation]
Points: 20
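
The description attributes the flaw to a `url` parameter passed straight into cURL, with gopher as the enabling scheme. The PHP sketch below is an added example of how an outbound fetch can be constrained on the server side; it is not Youke365 code or a vendor patch, and the function names `vet_outbound_url` and `safe_fetch` are hypothetical.

```php
<?php
// Added example (hypothetical helper names); not Youke365 code.
function vet_outbound_url(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // gopher://, file://, dict:// and the rest are refused
    }
    $host = $p['host'];
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once and require every IPv4 answer to be outside private/reserved ranges.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (!filter_var($ip, FILTER_VALIDATE_IP, $flags)) {
            return null;
        }
    }
    return $ips === [] ? null : ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

function safe_fetch(string $url): ?string
{
    $t = vet_outbound_url($url);
    if ($t === null) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS, // libcurl-level scheme allowlist
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false, // a redirect would bypass the address check
        CURLOPT_RESOLVE         => ["{$t['host']}:{$t['port']}:{$t['ip']}"], // pin the vetted address
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Constructed sample inputs; none of them needs DNS or network access to evaluate.
foreach (['gopher://127.0.0.1:6379/_INFO', 'http://10.0.0.5/admin', 'http://169.254.169.254/'] as $u) {
    printf("%-32s %s\n", $u, vet_outbound_url($u) === null ? 'refused' : 'allowed');
}
```

The PHP filter flags used here do not cover every non-routable range (for example 100.64.0.0/10), so an egress firewall rule on the web host remains the stronger control.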
