BoyunCMS Server-Side Request Forgery Vulnerability in Curl Component
Vulnerability
A critical server-side request forgery (SSRF) vulnerability has been identified in BoyunCMS versions through 1.4.20. The issue arises in the file '/application/pay/controller/Index.php', where user-supplied URLs are sent to the curl component without proper validation. This flaw allows remote attackers to make requests to internal or arbitrary network resources, potentially accessing sensitive internal services.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal resources or external services, bypassing network restrictions and potentially accessing sensitive information or services.
Reproduction
To reproduce this vulnerability, send a request to the '/pay/index/http_curl' endpoint with a URL parameter that includes a 'gopher' URL pointing to a listener on an internal or external server. The server will respond with the data retrieved through the SSRF vulnerability, demonstrating access to the specified resource.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.