| 标题 | QingdaoU OnlineJudge <=v1.6.1 Stored SSRF |
|---|
| 描述 | A stored Server-Side Request Forgery (SSRF) vulnerability exists in the Judge Server dispatcher of QingdaoU OnlineJudge. An attacker with access to a judge server token can submit a malicious service_url via the /api/admin/judge_server_heartbeat endpoint, which is then stored in the database. When the application subsequently processes judge tasks, it uses this unvalidated URL to construct and send internal HTTP requests. This allows the attacker to force the server to make arbitrary requests to internal network resources, potentially leading to metadata exfiltration, internal network scanning, or remote code execution.
|
|---|
| 来源 | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/27 |
|---|
| 用户 | Ana10gy (UID 93358) |
|---|
| 提交 | 2026-03-18 10時10分 (20 日前) |
|---|
| 管理 | 2026-04-04 08時44分 (17 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 355291 [QingdaoU OnlineJudge 直到 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url 权限提升] |
|---|
| 积分 | 20 |
|---|