Miurla Morphic Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Miurla Morphic versions through 0.4.5. The issue arises in the 'fetchHtml' function within the '/api/advanced-search' endpoint, specifically related to the HTTP Status Code 3xx Handler component. This vulnerability allows remote exploitation by manipulating response status codes, potentially leading to unauthorized access of internal services, port detection, and even causing a denial-of-service condition by repeatedly accessing specified sites.
Impact
Exploitation of this vulnerability could allow attackers to access internal services, perform port scanning, and create a denial-of-service condition by frequently visiting designated websites.
Reproduction
To reproduce this vulnerability, send a POST request to the '/api/advanced-search' endpoint with the 'searchDepth' parameter set to 'advanced'. This will trigger the 'crawlPage' function, which eventually calls the 'fetchHtml' function. If the 'fetchHtml' function receives a response with a 3xx status code, the vulnerability can be exploited by redirecting to an internal service or an attacker's controlled URL.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.