| 标题 | rebuild rebuild <= 3.5.5 SSRF |
|---|
| 描述 | There is an SSRF vulnerability in the FileDownLoader#readRawText method. Since the URL parameters are controllable, an http request is initiated to the specified url and the request result is returned. The attacker uses this vulnerability to detect intranet services and ports and read related files. |
|---|
| 来源 | ⚠️ https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5 |
|---|
| 用户 | lemono (UID 59906) |
|---|
| 提交 | 2024-01-27 05時51分 (2 年前) |
|---|
| 管理 | 2024-01-29 11時47分 (2 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 252290 [Rebuild 直到 3.5.5 HTTP Request readRawText url 权限提升] |
|---|
| 积分 | 17 |
|---|