ThinkDashboard Blind Server-Side Request Forgery Vulnerability in API Ping Endpoint

Vulnerability

A Blind Server-Side Request Forgery (SSRF) vulnerability has been identified in ThinkDashboard versions through 0.6.7. The issue resides in the '/api/ping?url=' endpoint, where the application fails to validate the URL parameter before using it as a request target. This oversight allows an attacker to make the server issue requests on their behalf to arbitrary internal or external hosts. Exploitation of this vulnerability could lead to unauthorized network reconnaissance, such as discovering open ports on the local machine or the internal network and identifying active hosts.

Impact

Exploitation of this vulnerability could allow an attacker to map out a network, identifying live hosts and open ports. Additionally, if there are internal endpoints that perform actions when requested, an attacker could trigger those actions remotely.

Reproduction

To reproduce this vulnerability, send a request to the '/api/ping?url=' endpoint with a URL that points to an external server. If the request succeeds, the server responds, which confirms that the SSRF vulnerability can be exploited. The check can be automated with a script to scan internal IP addresses or ports.

Remediation

Users are advised to update ThinkDashboard to version 0.6.8, where this vulnerability has been fixed.
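The advisory does not show how 0.6.8 fixes the endpoint. The following is an added example, not ThinkDashboard's own code, of the kind of validation that a ping-style endpoint needs before it issues a request on behalf of a caller: restrict the scheme, refuse embedded credentials, resolve the hostname, and reject any address that is not globally routable (loopback, RFC 1918, link-local such as cloud metadata services, and IPv4-mapped IPv6 forms of those). The function names, the sample URLs and the allowed-scheme set are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumption for this example: the ping feature only needs HTTP(S) targets.
ALLOWED_SCHEMES = {"http", "https"}


def resolve_public_targets(url: str) -> list[str]:
    """Return the globally routable IP addresses that `url` resolves to.

    Raises ValueError if the URL must not be fetched by the server. The
    returned addresses are what the caller should actually connect to
    (pinning the resolved IP avoids a DNS rebinding race between this check
    and the real request).
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")

    try:
        # TCP only, so each resolved address appears once per family.
        infos = socket.getaddrinfo(host, parts.port or 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {host!r}: {exc}") from None

    addrs: list[str] = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        ip = ipaddress.ip_address(sockaddr[0])
        # ::ffff:127.0.0.1 is loopback in disguise; judge the embedded IPv4.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # is_global is False for loopback, private, link-local, shared
        # address space (100.64/10), unspecified and reserved ranges.
        if not ip.is_global:
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
        if str(ip) not in addrs:
            addrs.append(str(ip))
    return addrs


def is_safe_ping_target(url: str) -> bool:
    """Boolean wrapper suitable for an HTTP handler's early-reject branch."""
    try:
        resolve_public_targets(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: what a ping endpoint might receive.
    samples = [
        "http://8.8.8.8/",                            # public literal: allowed
        "http://127.0.0.1:8080/",                     # loopback: rejected
        "http://[::1]/",                              # IPv6 loopback: rejected
        "http://[::ffff:10.0.0.5]/",                  # mapped RFC 1918: rejected
        "http://169.254.169.254/latest/meta-data/",   # link-local: rejected
        "file:///etc/passwd",                         # bad scheme: rejected
        "http://user:pw@8.8.8.8/",                    # credentials: rejected
    ]
    for sample in samples:
        try:
            print(f"ALLOW  {sample} -> {resolve_public_targets(sample)}")
        except ValueError as err:
            print(f"REJECT {sample}: {err}")
```

Note that the check resolves names itself and returns the addresses; the HTTP client must then connect to one of those addresses (sending the original hostname in the Host header) rather than resolving the name a second time, and it should also disable redirect following, since a redirect from a public host to an internal one would otherwise bypass the validation.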

Added: Nov 6, 2025, 9:45 PM
Updated: Nov 6, 2025, 10:38 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 7.7
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.