Submeter #558377: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRFinformação

Título20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF
DescriçãoVulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF Details: POST /addCrawlSource: Adds a new crawl source without access control. POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage. Example SSRF PoC: curl -X POST "http://target-ip:port/testParse" -d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1" CWE: CWE-306, CWE-918
Fonte⚠️ https://www.cnblogs.com/aibot/p/18827504
Utilizador
 Anonymous User
Submissão15/04/2025 15h10 (há 1 Ano)
Moderação27/04/2025 19h53 (12 days later)
EstadoAceite
Entrada VulDB306371 [20120630 Novel-Plus até 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!