| Field | Value |
|---|---|
| Title | Typecho 1.3.0 and earlier Server-Side Request Forgery |
| Description | A server-side request forgery vulnerability was identified in Typecho 1.3.0 and earlier in the /action/service?do=ping endpoint. The issue can be triggered by combining insufficient validation of the time-based token with unsafe handling of the Pingback workflow. An unauthenticated attacker may cause the application to fetch attacker-controlled content, extract a Pingback endpoint, and then issue a second-stage server-side POST request to an internal or attacker-controlled target. This may allow internal network access, service probing, and interaction with exposed internal services depending on the deployment environment. The vendor was notified via the official security contact on March 4, 2026. No acknowledgment or public fix was observed as of April 6, 2026. This submission intentionally omits weaponized proof-of-concept details to reduce risk to users. |
| Source | https://wang1rrr.github.io/2026/03/04/CVE-Report-Typecho-v1-3-0-SSRF/ |
| User | wang1r (UID 96111) |
| Submitted | 06/04/2026 10:44 (21 days ago) |
| Moderated | 25/04/2026 16:11 (19 days later) |
| Status | accepted |
| VulDB entry | 359605 [Typecho up to 1.3.0 Ping Back Service Endpoint var/Widget/Service.php Service::sendPingHandle X-Pingback/link privilege escalation] |
| Points | 20 |