Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
SourceCodester Link Status Checker Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in SourceCodester Link Status Checker version 1.0. The issue resides in the file index.php, where the proxy parameter is processed without adequate validation. This flaw allows remote attackers to manipulate the proxy argument, enabling them to make arbitrary HTTP requests from the server. Such exploitation could target internal services, conduct port scanning, access cloud metadata, or potentially compromise internal networks.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal services, internal network compromise, or abuse of the vulnerable server to scan ports or access cloud metadata.
Reproduction
To reproduce this vulnerability, send a request to the Link Status Checker application with a crafted proxy parameter. The server will process this parameter without proper validation, allowing access to internal resources or services.
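A log check for the behaviour described above, as an added example that is not part of the original advisory or the project's code. It assumes the proxy value arrives in the query string of requests to index.php, that it is a host:port pair or a URL, and that the web server writes combined-format access logs; the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def proxy_host(value):
    """Host part of a proxy value given as host:port or as a URL (assumed forms)."""
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:  # malformed bracketed IPv6 literal
        return ""

def is_internal(host):
    """True when the host is a loopback, private, link-local or reserved target."""
    if host == "localhost" or host.endswith((".localhost", ".internal", ".local")):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # other names are not resolved here
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified)

def find_suspicious(lines):
    """Return (client, proxy value) for index.php requests with an internal proxy."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.endswith("/index.php"):
            continue
        for value in parse_qs(target.query).get("proxy", []):
            if is_internal(proxy_host(value)):
                hits.append((match.group("client"), value))
    return hits

# Constructed sample log lines; addresses and paths are illustrative only.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2025:10:00:00 +0000] "GET /index.php?proxy=127.0.0.1:8080 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Jan/2025:10:00:02 +0000] "GET /index.php?proxy=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.44 - - [10/Jan/2025:10:01:00 +0000] "GET /index.php?proxy=proxy.example.com:3128 HTTP/1.1" 200 731 "-" "-"',
]

if __name__ == "__main__":
    for client, value in find_suspicious(SAMPLE_LOG):
        print(f"internal proxy target from {client}: {value}")
```

A name that resolves to an internal address is not flagged, so this check complements validating the proxy value in index.php and does not replace it.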
