| Title | tpAdmin url parameter SSRF |
|---|
| Description | tpadmin is a ThinkPHP5.0 official version and Hui.admin v2.5 management background, simplify the management of the background development process, simplify the preparation of code, improve code reuse rate, while integrating complete permissions management and other commonly used functions in the management background
There is an SSRF vulnerability in tpadmin(application\admin\controller\Upload.php), allowing attackers to scan and attack potential intranet servers, read arbitrary local files, etc.
Vulnerability point:
application\admin\controller\Upload.php
remote() function
$url parameter
The server initiates the request by submitting a URL as POST via the url parameter. No filtering in the program, resulting in a safety hazard
The information system may be accessed using file://or other protocols. |
|---|
| Source | ⚠️ https://tib36.github.io/2023/04/09/tpAdmin-SSRF/ |
|---|
| User | nokali (UID 42250) |
|---|
| Submission | 04/09/2023 10:50 (3 years ago) |
|---|
| Moderation | 04/10/2023 17:50 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225408 [yuan1994 tpAdmin 1.3.12 Upload.php remote url server-side request forgery] |
|---|
| Points | 20 |
|---|