Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Anheng Mingyu Operation and Maintenance Audit and Risk Control System XML-RPC Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Anheng Mingyu Operation and Maintenance Audit and Risk Control System, in versions prior to 2023-08-10. The vulnerability resides in the XML-RPC handler for Unix socket communication. It allows attackers to send specially crafted XML-RPC requests that can manipulate the server into connecting to internal Unix socket RPC endpoints and executing privileged XML-RPC methods. Exploitation of this vulnerability enables the creation of arbitrary user accounts on the system, potentially leading to unauthorized access and control over the bastion host.

Impact

Exploitation of this vulnerability allows for the creation of arbitrary user accounts, which could be used to gain unauthorized access and control over the system.

Reproduction

To reproduce this vulnerability, send a POST request to the '/service/' endpoint with the 'unix' parameter pointing to the internal XML-RPC Unix socket. Include an XML-RPC method call to 'web.user_add' in the request body, specifying the details of the user account to be created.
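As a defensive complement to the pattern described above, the following added example (not code from the advisory or the vendor) classifies HTTP requests by the three indicators the advisory names: a POST to the '/service/' endpoint, a 'unix' query parameter, and an XML-RPC body whose methodName is 'web.user_add'. The request samples, the placeholder socket path and the PRIVILEGED_METHODS set are constructed assumptions; in practice the input would come from a reverse-proxy or WAF log that retains request bodies.

```python
"""Detection helper for the SSRF pattern in this advisory: POST to
/service/ with a 'unix' parameter and an XML-RPC call to a privileged
method such as 'web.user_add' in the body.

Added example, not the vendor's or the advisory's own code. The request
records below are constructed for illustration.
"""
from urllib.parse import urlsplit, parse_qs
import xml.etree.ElementTree as ET

# Assumed set of XML-RPC methods treated as privileged; only web.user_add
# is named by the advisory.
PRIVILEGED_METHODS = {"web.user_add"}


def xmlrpc_method_name(body: str):
    """Return the methodName of an XML-RPC <methodCall> body, or None
    if the body is not well-formed XML or not a methodCall."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    name = root.find("methodName")
    return name.text.strip() if name is not None and name.text else None


def classify_request(method: str, target: str, body: str) -> dict:
    """Score one request against the advisory's pattern.

    severity is 'high' when all three indicators are present, 'medium'
    when a 'unix' parameter reaches /service/ without a privileged method,
    'low' when a privileged method reaches /service/ without the 'unix'
    parameter, and 'none' otherwise.
    """
    parts = urlsplit(target)
    params = parse_qs(parts.query)
    on_service = method.upper() == "POST" and parts.path.startswith("/service/")
    unix_param = params.get("unix", [None])[0]
    rpc_method = xmlrpc_method_name(body)

    if on_service and unix_param and rpc_method in PRIVILEGED_METHODS:
        severity = "high"
    elif on_service and unix_param:
        severity = "medium"
    elif on_service and rpc_method in PRIVILEGED_METHODS:
        severity = "low"
    else:
        severity = "none"
    return {
        "service_endpoint": on_service,
        "unix_socket_param": unix_param,
        "xmlrpc_method": rpc_method,
        "severity": severity,
    }


# Constructed sample requests (method, request-target, body); not real
# captures. The socket path is a placeholder, not the product's real path.
SAMPLE_REQUESTS = [
    ("POST", "/service/?unix=/tmp/placeholder.sock",
     "<?xml version='1.0'?><methodCall><methodName>web.user_add</methodName>"
     "<params></params></methodCall>"),
    ("POST", "/service/?unix=/tmp/placeholder.sock",
     "<methodCall><methodName>system.listMethods</methodName></methodCall>"),
    ("POST", "/service/",
     "<methodCall><methodName>web.user_add</methodName></methodCall>"),
    ("GET", "/login", ""),
]


def scan(requests=SAMPLE_REQUESTS):
    """Return (index, severity) for every request rated above 'none'."""
    hits = []
    for i, (method, target, body) in enumerate(requests):
        result = classify_request(method, target, body)
        if result["severity"] != "none":
            hits.append((i, result["severity"]))
    return hits


if __name__ == "__main__":
    for idx, sev in scan():
        print(f"request #{idx}: {sev}")
```

Alerting on the 'medium' tier catches a user-controlled 'unix' parameter even when the method name is obfuscated or differs from the one the advisory names, which is the indicator that most directly reflects the SSRF itself.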

Added: Oct 30, 2025, 11:00 PM
Updated: Oct 30, 2025, 11:00 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.9
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.