| tiêu đề | 60IndexPage 60IndexPage ≤v1.8.5 SSRF |
|---|
| Mô tả | The file /apply/index.php in the 60IndexPage System software version ≤v1.8.5, hosted at https://hao.lylme.com/, has been identified to contain a Pre-Authentication Blind Server Side Request Forgery (SSRF) vulnerability. This issue arises as the 'url' parameter accepted by the file is directly passed to the cURL function without proper sanitization, and only a superficial check for image extension is performed using pathinfo. This vulnerability allows an attacker to send arbitrary requests from the server to an external or internal network, potentially enabling unauthorized access to sensitive data or services. The vulnerability was confirmed by sending a test request using the gopher protocol and successfully receiving the response on the attacker's server. |
|---|
| Nguồn | ⚠️ https://note.zhaoj.in/share/iNSyaClT0hGi |
|---|
| Người dùng | glzjin (UID 59815) |
|---|
| Đệ trình | 19/01/2024 09:06 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 26/01/2024 13:44 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 252190 [60IndexPage đến 1.8.5 Parameter /apply/index.php url nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|