| Title | mogu_blog_v2-FileRestApi#uploadPicsByUrl has a SSRF vulnerability |
|---|---|
| Description | https://github.com/c3p0ooo-Yiqiyin/mogu_blog_v2/blob/main/README.md The `uploadPicsByUrl()` method in mogu_blog_v2 contains an SSRF vulnerability. The method takes the URL supplied in the request and stores whatever that URL returns as the content of the uploaded file: the code uses `new URL` to obtain a data stream from the requested link and writes it to an image file. Because the user input is not validated, the file protocol can be used to read local files into the image file, and the file content can then be retrieved by requesting the image path over HTTP. |
| Source | https://github.com/c3p0ooo-Yiqiyin/mogu_blog_v2/blob/main/README.md |
| User | c3p0ooo_Yiqiyin (UID 44113) |
| Submission | 03/31/2023 03:43 (3 years ago) |
| Moderation | 04/15/2023 11:23 (15 days later) |
| Status | Accepted |
| VulDB entry | 226109 [moxi624 Mogu Blog v2 up to 5.2 uploadPicsByUrl uploadPictureByUrl urlList absolute path traversal] |
| Points | 20 |
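
The validation the description says is missing can be sketched as follows. This is an added example, not code from Mogu Blog or from the submission; the class `PictureUrlValidator` and the method `rejectReason` are hypothetical names, and the sample URLs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.List;

// Added example (hypothetical names): validate a user-supplied picture URL before any fetch.
public class PictureUrlValidator {

    /** Returns null when the URL may be fetched, otherwise the reason it is rejected. */
    static String rejectReason(String raw) {
        URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            return "not a valid URI";
        }
        String scheme = uri.getScheme();
        // Allow only http/https: this is what keeps file: and other protocol handlers out.
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return "scheme not allowed: " + scheme;
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            return "missing host or embedded credentials";
        }
        try {
            // Check every address the name resolves to, not only the first one.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()
                        || addr.isLinkLocalAddress() || addr.isSiteLocalAddress()
                        || addr.isMulticastAddress()) {
                    return "internal address: " + addr.getHostAddress();
                }
            }
        } catch (UnknownHostException e) {
            return "host does not resolve";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; literal IPs are used so the demo needs no DNS.
        List<String> samples = List.of("file:///etc/passwd", "http://127.0.0.1:8080/admin",
                "http://169.254.169.254/", "http://10.0.0.5/a.png", "https://93.184.216.34/a.png");
        for (String s : samples) {
            String reason = rejectReason(s);
            System.out.println(s + " -> " + (reason == null ? "allowed" : "rejected (" + reason + ")"));
        }
    }
}
```

The same check has to run again on every redirect hop, and the fetch should connect to the address that was validated so that a second DNS lookup cannot return a different one.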