Donglight Bookstore Server-Side Request Forgery Vulnerability

Vulnerability

A critical server-side request forgery (SSRF) vulnerability has been identified in Donglight Bookstore version 1.0.0. The issue is in the 'getHtml' method of 'src/main/java/org/zdd/bookstore/rawl/HttpUtil.java', which fetches a caller-supplied URL without validating its scheme or destination host. An attacker can supply crafted URLs that point at internal network services and infer from the response time whether each target is reachable, a blind SSRF that maps the internal network and potentially leads to unauthorized access to or manipulation of internal resources.

Impact

Exploitation of this vulnerability allows server-side request forgery: the attacker makes the application server issue requests to internal services or resources on the attacker's behalf, bypassing network restrictions that would block the attacker's own host.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/write' endpoint with a URL parameter pointing to an internal service, such as a database port. If the internal service is reachable it answers quickly, while an unreachable target takes noticeably longer or times out, so the response time reveals which internal services exist and confirms that the SSRF can be exploited.
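The check that the advisory says getHtml lacks, shown as an added example that is not Donglight Bookstore code: a destination validator to run before any server-side fetch of a user-supplied URL. It rejects non-http(s) schemes, credentials in the URL, non-standard ports, and any host that is an IP literal for, or resolves to, a non-public address (loopback, RFC 1918, link-local including 169.254.169.254, 0.0.0.0, IPv4-mapped IPv6 forms). The allowed schemes and ports are an assumed policy, and the hostnames and addresses used in the demo and test are constructed; the resolver is injectable so the example runs offline.

```python
"""Destination validation for an outbound URL fetch (added example, not
Donglight Bookstore code): the check the advisory says getHtml is missing."""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

# Policy assumed for this example: plain web fetches on standard ports only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA address the OS resolver returns.
    Every record must be checked: one internal record among several public
    ones is enough to turn the fetch into an internal request."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_forbidden_address(addr: str) -> bool:
    """True for any address an outbound fetch must never reach: loopback,
    private (RFC 1918), link-local (including 169.254.169.254 cloud metadata),
    unspecified (0.0.0.0), multicast, reserved, or anything not global."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved
            or not ip.is_global)


def validate_fetch_url(url: str,
                       resolver: Resolver = system_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). Allows only http(s) URLs without userinfo, on
    an allowed port, whose host (IP literal or every resolved record) is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port"
    if port is not None and port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:
        ipaddress.ip_address(host)
        addresses = [host]                # IP literal: check it directly
    except ValueError:
        addresses = list(resolver(host))  # hostname: check every record
        if not addresses:
            return False, "host does not resolve"
    for addr in addresses:
        if is_forbidden_address(addr):
            return False, "host resolves to non-public address %s" % addr
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample targets; the hostnames below are not real services.
    fake_dns = {"bookstore-db.internal": ["10.0.0.8"],
                "example.com": ["93.184.216.34"]}
    probes = [
        "http://127.0.0.1:3306/",                   # database port on loopback
        "http://169.254.169.254/latest/meta-data/",  # cloud metadata endpoint
        "http://[::ffff:127.0.0.1]/",               # mapped-IPv6 loopback bypass
        "http://bookstore-db.internal/",            # internal hostname
        "file:///etc/passwd",                       # non-web scheme
        "https://example.com/",                     # public site: allowed
    ]
    for u in probes:
        ok, why = validate_fetch_url(u, resolver=lambda h: fake_dns.get(h, []))
        print("%-45s %s (%s)" % (u, "ALLOW" if ok else "BLOCK", why))
```

Two caveats for wiring this into a real fetch. First, validating the hostname and then letting the HTTP client resolve it again opens a DNS-rebinding window; connect to the address that passed the check (or re-run the check inside the connection step) and re-validate every redirect hop. Second, the timing oracle the advisory describes survives the validator only for allowed targets, but a short uniform connect timeout and a generic error message further shrink what an attacker can learn from response times.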

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.