Submeter #770476: glowxq glowxq-oj 1.0.0 Server-Side Request Forgeryinformação

Títuloglowxq glowxq-oj 1.0.0 Server-Side Request Forgery
Descriçãoglowxq-oj contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the test case upload functionality. The ProblemCaseController class has an endpoint annotated with @SaIgnore that accepts a user-controlled URL parameter and passes it directly to HttpUtils.download() via FileUtils.downloadFile().
Fonte⚠️ https://fx4tqqfvdw4.feishu.cn/docx/K0SjdZTPRo31LExSdlfcC3jwn1c?from=from_copylink
Utilizador
 xcxr (UID 86629)
Submissão03/03/2026 06h47 (há 2 meses)
Moderação15/03/2026 09h36 (12 days later)
EstadoAceite
Entrada VulDB351112 [glowxq glowxq-oj até 6f7c723090472057252040fd2bbbdaa1b5ed2393 ProblemCaseController.java uploadTestcaseZipUrl Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!