yanyutao0402 ChanCMS Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in yanyutao0402 ChanCMS version 3.3.0. The issue arises in the CollectController's getArticle method, where the taskUrl parameter is not properly validated before being sent to collect.common. This lack of validation allows attackers to manipulate the taskUrl and potentially access internal network resources or services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can send requests to internal services or resources, bypassing network restrictions.

Reproduction

To reproduce this vulnerability, send a POST request to /cms/collect/getArticle with a JSON payload that includes a taskUrl pointing to an internal resource, such as http://127.0.0.1:80. The request will be processed by the vulnerable getArticle method, which lacks proper URL validation, allowing for unauthorized access to internal services.