Submit #558377: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRFinfo

Title20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SSRF
DescriptionVulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tampering and SSRF Details: POST /addCrawlSource: Adds a new crawl source without access control. POST /testParse: Accepts arbitrary URLs and regex rules for remote parsing. Leads to SSRF and potential regex data leakage. Example SSRF PoC: curl -X POST "http://target-ip:port/testParse" -d "rule=(<title>(.*?)</title>)&url=http://127.0.0.1:8080/internal&isRefresh=1" CWE: CWE-306, CWE-918
Source⚠️ https://www.cnblogs.com/aibot/p/18827504
User
 Anonymous User
Submission04/15/2025 15:10 (1 Year ago)
Moderation04/27/2025 19:53 (12 days later)
StatusAccepted
VulDB entry306371 [20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource missing authentication]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!