Отправить #844665: AstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918)Информация

НазваниеAstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (CWE-918)
Описание# Technical Details An authenticated SSRF exists in the MCP connection testing workflow implemented by `ToolsRoute.test_mcp_connection()` in `astrbot/dashboard/routes/tools.py`, `validate_mcp_stdio_config()` in `astrbot/core/agent/mcp_client.py`, and `_quick_test_mcp_connection()` in `astrbot/core/provider/func_tool_manager.py` of AstrBot. The application fails to validate user-supplied MCP URL targets before performing backend requests. URL-based configurations bypass stdio validation entirely, and the provider test path issues direct `aiohttp` requests to the supplied destination. No SSRF-specific protections were identified for scheme, hostname, resolved IP, loopback, private ranges, metadata endpoints, or redirects. # Vulnerable Code File: `astrbot/dashboard/routes/tools.py` Method: `ToolsRoute.test_mcp_connection()` Why: The route accepts attacker-controlled `mcp_server_config`, forwards it to `test_mcp_server_connection()`, and URL-based configs pass through `validate_mcp_stdio_config()` because that function returns immediately when `url` is present. `_quick_test_mcp_connection()` then performs outbound `POST`/`GET` requests directly to `cfg["url"]`. # Reproduction 1. Start an HTTP listener reachable from the AstrBot host. 2. Authenticate to the AstrBot dashboard. 3. Send `POST /api/tools/mcp/test` with JSON containing `mcp_server_config.url` set to an attacker-controlled endpoint such as `http://127.0.0.1:19001/mcp-test`. 4. Observe backend callbacks to the listener, even if the MCP handshake later fails. 5. Send a control request without the `url` field and confirm no listener callbacks occur. # Impact - Authenticated users can coerce the AstrBot server into making arbitrary outbound HTTP requests. - The vulnerability enables loopback probing, internal service discovery, and access attempts against internal-only endpoints reachable from the host.
Источник⚠️ https://gist.github.com/YLChen-007/b68732c140fb11d844b214cf2db50a5a
Пользователь
 Eric-a (UID 96353)
Представление01.06.2026 10:25 (1 месяц назад)
Модерация11.07.2026 14:42 (1 month later)
Статуспринято
Запись VulDB377808 [AstrBotDevs AstrBot до 4.25.2 MCP Test Endpoint tools.py ToolsRoute.test_mcp_connection mcp_server_config.url эскалация привилегий]
Баллы20

Do you want to use VulDB in your project?

Use the official API to access entries easily!