Shanghai Lingdang Information Technology Lingdang CRM Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Shanghai Lingdang Information Technology Lingdang CRM versions up to and including 8.6.5.4. The issue resides in the file 'crm/WeiXinApp/dingtalk/index_event.php', where the 'corpurl' parameter is manipulated, allowing remote attackers to cause the server to send requests to internal services or external sites, potentially leading to unauthorized information access or modification.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources. This could be used to interact with internal services, bypassing network restrictions, or to extract sensitive information from the server's environment.

Reproduction

To reproduce this vulnerability, send a request to 'crm/WeiXinApp/dingtalk/index_event.php' with a crafted 'corpurl' parameter. The server will process the request and redirect based on the 'corpurl' value, effectively allowing the server to make requests to the specified URL. This can be tested using a domain that the attacker controls to observe the request being made.
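A defender-side check for the 'corpurl' pattern described above, written in Python as an added example here; it is not code from Lingdang CRM or from this advisory. It assumes that the only legitimate 'corpurl' destination is the DingTalk API host, and the web-server log format and log lines are constructed for illustration; hostnames are not resolved, so names that point at internal addresses are caught only by the allowlist.

```python
"""Classify corpurl values and flag suspicious hits on index_event.php in access logs.
Added example, not Lingdang CRM code; allowlist, log format and log lines are assumptions."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the only legitimate destination for corpurl is the DingTalk API host.
ALLOWED_HOSTS = {"oapi.dingtalk.com"}
TARGET_PATH = "/crm/WeiXinApp/dingtalk/index_event.php"
# Constructed log format: client - - [timestamp] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_corpurl(value: str) -> str:
    """Return a policy verdict for one corpurl value (no DNS resolution performed)."""
    parts = urlsplit(value.strip())
    if parts.scheme not in ("http", "https"):
        return "blocked_scheme"      # file://, gopher://, dict:// and similar
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)   # literal IPv4/IPv6 address in the URL
    except ValueError:
        ip = None
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local
                           or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
        return "blocked_private"     # loopback, RFC 1918, link-local, etc.
    if host.lower() in ALLOWED_HOSTS:
        return "allowed"
    return "blocked_host"            # any other host, including attacker-controlled domains

def scan_log(lines):
    """Return (client_ip, corpurl, verdict) for every non-allowed corpurl sent to the endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("url"))
        if url.path != TARGET_PATH:
            continue
        for corpurl in parse_qs(url.query).get("corpurl", []):   # parse_qs already URL-decodes
            verdict = classify_corpurl(corpurl)
            if verdict != "allowed":
                findings.append((m.group("ip"), corpurl, verdict))
    return findings

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - [09/Sep/2025:17:18:00 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=https%3A%2F%2Foapi.dingtalk.com%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Sep/2025:17:19:02 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 302 0',
    '198.51.100.7 - - [09/Sep/2025:17:19:30 +0000] "GET /crm/WeiXinApp/dingtalk/index_event.php?corpurl=http%3A%2F%2Fattacker.example%2F HTTP/1.1" 302 0',
    '203.0.113.9 - - [09/Sep/2025:17:20:00 +0000] "GET /crm/index.php HTTP/1.1" 200 2048',
]
```

Running scan_log(SAMPLE_LOG) reports the two requests from 198.51.100.7 and ignores the allowlisted DingTalk request and the unrelated page hit.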

Added: Sep 9, 2025, 5:18 PM
Updated: Sep 9, 2025, 7:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.