| tiêu đề | Inis Inis ≤v2.0.1 SSRF |
|---|
| Mô tả | The Inis Blog System, specifically in the file `app/api/controller/default/Proxy.php` of versions up to and including 2.0.1, contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability is triggered by unsanitized user input through the `p_url` parameter, which allows an attacker to make arbitrary requests from the server hosting the Inis application. By crafting a malicious request, such as one using the `gopher` protocol, an attacker can force the application to interact with unintended internal or external services, potentially leading to information disclosure or other malicious activities. This issue was identified by the security researcher glzjin. |
|---|
| Nguồn | ⚠️ https://note.zhaoj.in/share/2E2JG2PClHGF |
|---|
| Người dùng | glzjin (UID 59815) |
|---|
| Đệ trình | 05/01/2024 07:59 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 07/01/2024 21:11 (3 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 249875 [Inis đến 2.0.1 Proxy.php p_url nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|