| Title | SourceCodester Website Link Extractor 1.0 (or Latest) Server-Side Request Forgery (SSRF) |
|---|
| Description | A Server-Side Request Forgery (SSRF) vulnerability exists in the Website Link Extractor application by SourceCodester.
The application accepts a user-supplied URL and retrieves its content using the PHP function file_get_contents() without proper validation, filtering, or network restrictions.
An attacker can supply crafted URLs to access internal resources and services. The application allows requests to internal addresses such as:
http://127.0.0.1
http://localhost
http://[email protected]
Impact:
The vulnerability allows an attacker to access internal services, perform internal network enumeration, and potentially retrieve sensitive information depending on the server environment.
The vulnerability may allow access to internal services such as 127.0.0.1, internal admin panels, or cloud metadata endpoints (e.g., AWS x.x.x.x).
Full technical details and screenshots are available in the public advisory.
|
|---|
| Source | https://medium.com/@hemantrajbhati5555/ssrf-vulnerability-in-sourcecodester-website-link-extractor-v1-0-5df6bb708f5e |
|---|
| User | Hemant Raj Bhati (UID 95613) |
|---|
| Submitted | 15/02/2026 20:54 (2 months ago) |
|---|
| Moderated | 24/02/2026 22:54 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347670 [SourceCodester Website Link Extractor 1.0 URL file_get_contents privilege escalation] |
|---|
| Points | 20 |
|---|
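
One way to add the validation the description says is missing before `file_get_contents()` is called, as an added example (not SourceCodester's code and not taken from the advisory). The function names `is_public_ip`, `check_fetch_url` and `safe_fetch` are hypothetical, and the sample URLs are constructed.

```php
<?php
// Added illustration; function names and sample URLs are constructed.
function is_public_ip(string $ip): bool
{
    // Rejects private ranges and reserved ranges (loopback, link-local 169.254.0.0/16, ::1).
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns [bool $allowed, string $reason].
function check_fetch_url(string $url): array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return [false, 'missing scheme or host'];
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed'];
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return [false, 'userinfo not allowed'];
    }
    $host = trim($p['host'], '[]'); // strip IPv6 literal brackets
    // gethostbynamel() returns IPv4 addresses only, or false on failure.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return [false, 'host does not resolve'];
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return [false, "resolves to non-public address $ip"];
        }
    }
    return [true, 'ok'];
}

function safe_fetch(string $url)
{
    if (!check_fetch_url($url)[0]) { return false; }
    // Redirects are not followed, so a public URL cannot bounce the request inward.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    return file_get_contents($url, false, $ctx);
}

// Constructed samples; none of these needs network access to be rejected.
foreach (['http://127.0.0.1', 'http://localhost', 'file:///etc/passwd'] as $u) {
    [$ok, $why] = check_fetch_url($u);
    printf("%-22s %s (%s)\n", $u, $ok ? 'allow' : 'block', $why);
}
```

The check resolves the hostname once and `file_get_contents()` resolves it again, so a DNS answer that changes between the two calls is not covered. Egress filtering on the server that blocks loopback, private and metadata ranges closes that gap independently of the application code.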