| Field | Value |
|---|---|
| Title | moxi159753 mogu_blog_v2 <=v5.2 Server-Side Request Forgery (SSRF) |
| Description | mogu_blog_v2, a microservice-based blog system, contains an unauthenticated Server-Side Request Forgery (SSRF) and arbitrary file read vulnerability in the /file/uploadPicsByUrl endpoint. The Spring Security configuration allows public access to /file/** endpoints, and the uploadPictureByUrl method accepts arbitrary userUid/adminUid values without database validation. Attackers can inject systemConfig parameters and supply malicious URLs (including file:// URIs) in the urlList parameter. The application fetches the content via URLConnection.getInputStream() without protocol or host restrictions, saves it to a publicly accessible directory, and returns the URL in the response. This allows unauthenticated attackers to read arbitrary local files (e.g., /etc/passwd, configuration files, private keys), access internal network services, and retrieve cloud provider metadata, leading to complete system compromise. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-ssrf-1/report.md |
| User | sh7err04 (UID 92493) |
| Submission | 11/10/2025 14:32 (7 months ago) |
| Moderation | 11/30/2025 20:51 (20 days later) |
| Status | Accepted |
| VulDB entry | 333823 [moxi159753 Mogu Blog v2 up to 5.2 /file/uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery] |
| Points | 20 |