| Title | SourceCodester Website Link Extractor 1.0 (or Latest) Server-Side Request Forgery (SSRF) |
|---|
| Description | A Server-Side Request Forgery (SSRF) vulnerability exists in the Website Link Extractor application by SourceCodester.
The application accepts a user-supplied URL and retrieves its content using the PHP function file_get_contents() without proper validation, filtering, or network restrictions.
An attacker can supply crafted URLs to access internal resources and services. The application allows requests to internal addresses such as:
http://127.0.0.1
http://localhost
http://[email protected]
Impact:
The vulnerability allows an attacker to access internal services, perform internal network enumeration, and potentially retrieve sensitive information depending on the server environment.
The vulnerability may allow access to internal services such as 127.0.0.1, internal admin panels, or cloud metadata endpoints (e.g., AWS x.x.x.x).
Full technical details and screenshots are available in the public advisory.
|
|---|
| Source | ⚠️ https://medium.com/@hemantrajbhati5555/ssrf-vulnerability-in-sourcecodester-website-link-extractor-v1-0-5df6bb708f5e |
|---|
| User | Hemant Raj Bhati (UID 95613) |
|---|
| Submission | 15/02/2026 20h54 (2 months ago) |
|---|
| Moderation | 24/02/2026 22h54 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 347670 [SourceCodester Website Link Extractor 1.0 URL file_get_contents Privilege Escalation] |
|---|
| Points | 20 |
|---|
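
The description above attributes the flaw to passing a user-supplied URL to file_get_contents() with no validation, filtering, or network restrictions. As an added example (not the application's code and not taken from the advisory), one way to constrain such a fetch in PHP, assuming the curl extension is available; the function names `is_public_ip` and `safe_fetch` are hypothetical, and hostname resolution here is IPv4 only:

```php
<?php
// Added example; is_public_ip() and safe_fetch() are hypothetical names.

// True only for addresses outside PHP's private and reserved ranges
// (rejects 127.0.0.0/8, 10/8, 172.16/12, 192.168/16, 169.254/16, ...).
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function safe_fetch(string $url): string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException('malformed URL');
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        throw new InvalidArgumentException('scheme not allowed');
    }
    // Reject userinfo: in "http://name@127.0.0.1" the real host follows the "@".
    if (isset($p['user']) || isset($p['pass'])) {
        throw new InvalidArgumentException('userinfo not allowed');
    }
    $host = trim($p['host'], '[]');            // parse_url keeps IPv6 brackets
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP) !== false;
    // Check an IP literal directly; resolve a name and check every answer.
    $ips = $isLiteral ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === [] || array_filter($ips, 'is_public_ip') !== $ips) {
        throw new RuntimeException('host resolves to a blocked address');
    }
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,       // a redirect could point back inside
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 5,
    ];
    if (!$isLiteral) {
        // Pin the connection to the vetted address so a second DNS lookup
        // cannot return a different (internal) answer.
        $opts[CURLOPT_RESOLVE] = ["$host:$port:{$ips[0]}"];
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}
```

Address filtering in the application complements, but does not replace, egress rules on the host that block the web server from reaching loopback, internal ranges, and metadata endpoints.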