Quequnlong Shiyi-Blog Server-Side Request Forgery Vulnerability

A critical server-side request forgery (SSRF) vulnerability has been identified in Quequnlong Shiyi-Blog versions through 1.2.1. The issue resides in the '/app/sys/article/optimize' file, where manipulation of the 'url' argument allows for unauthorized requests to be sent to internal network services, potentially compromising network security.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make requests to internal services or resources, bypassing network security controls.

Reproduction

To reproduce this vulnerability, upload a file through the '/api/file/upload' endpoint using directory traversal techniques to manipulate the file path. This can be done by including '../' sequences in the 'filename' parameter to upload files to arbitrary locations on the server. Once the file is uploaded, the SSRF vulnerability can be exploited by sending a request to the '/api/sys/article/reptile' endpoint with a URL that points to a sensitive internal service.