| 标题 | SourceCodester SEO Meta Tag Extractor 1.0 Server-Side Request Forgery |
|---|
| 描述 | A server-side request forgery vulnerability was found in SourceCodester SEO Meta Tag Extractor 1.0.
The vulnerable application reads the "url" POST parameter and passes it directly into get_headers() and file_get_contents() inside the fetchMetaTags() function of index.php. No host or IP-level validation is performed; the only check, FILTER_VALIDATE_URL, validates URL syntax only and does not reject private, loopback, or link-local addresses. Because file_get_contents() follows HTTP redirects by default, even a future hostname blacklist could be bypassed via attacker-controlled redirects.
An unauthenticated remote attacker can supply crafted URLs to access internal resources and services. The application allows requests to internal addresses such as:
http://127.0.0.1:<port>
http://localhost:<port>
Impact:
The vulnerability allows an attacker to access internal services, perform internal network enumeration, and potentially retrieve sensitive information depending on the server environment. The vulnerability may allow access to internal services such as 127.0.0.1, internal admin panels, or cloud metadata endpoints (e.g., AWS IMDS at x.x.x.x), which can leak temporary IAM credentials on misconfigured cloud VMs.
The exploit has been disclosed to the public and may be used. Full technical details are available in the public advisory.
|
|---|
| 来源 | ⚠️ https://hackmd.io/@Kq4PsjnpQ5WfoMt8ho48LA/By9GXDkyGe |
|---|
| 用户 | Kevin57545 (UID 97896) |
|---|
| 提交 | 2026-05-11 17時56分 (28 日前) |
|---|
| 管理 | 2026-05-31 18時34分 (20 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367580 [SourceCodester SEO Meta Tag Extractor 1.0 /index.php get_headers url 权限提升] |
|---|
| 积分 | 20 |
|---|