cloudfavorites favorites-web
cpe:2.3:a:favorites-web_project:favorites-web:*:*:*:*:*:*:*
- <= 1.3.0
A server-side request forgery (SSRF) vulnerability, rated critical, has been identified in Cloudfavorites Favorites-Web versions up to and including 1.3.0. The flaw is in the 'getCollectLogoUrl' function of 'CollectController.java': the 'url' parameter is taken from the request and used for a server-side fetch without any validation of where it points. A remote attacker who controls 'url' can therefore make the application server issue requests on their behalf, including to internal services that are not reachable from outside.
Exploiting the flaw turns the application server into a request proxy: the attacker can direct requests at hosts on the server's internal network (services bound to loopback or to private address ranges, and on cloud hosts the instance metadata endpoint) as well as at external systems. Depending on what those services expose, this can yield unauthorized reads of internal data or trigger state-changing actions on services that trust requests from the application host.
To reproduce, send a POST request to '/collect/getCollectLogoUrl' with the 'url' parameter set to an address you control (for example a listener on a host you own) and confirm that the application server connects to it; then substitute an internal target, such as a loopback port or an internal hostname, and compare the response body, status, or timing to determine whether internal hosts can be reached. curl, Postman, or a web application vulnerability scanner with SSRF checks will all do. This entry does not say whether the endpoint is reachable without a session, so test both unauthenticated and as a logged-in user.
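As an added example (not code from the Favorites-Web project or from this entry), the check below shows the validation the 'url' parameter described above is missing, and which of the probe values one would send when reproducing the issue it rejects. It is written in Python rather than the project's Java so it can be run stand-alone; the function names, the constructed DNS table and the probe URLs are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web fetches are legitimate for a logo lookup; file:, gopher:,
# ftp:, dict: and similar schemes are rejected outright.
ALLOWED_SCHEMES = ("http", "https")


def resolve_with_dns(host):
    """Resolve a hostname to the set of IP addresses it currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal_address(addr):
    """True for any address a server-side fetch must never reach: loopback,
    RFC 1918 / ULA private space, link-local (which includes the
    169.254.169.254 cloud metadata address), multicast, unspecified and
    reserved ranges. IPv4-mapped IPv6 addresses are unwrapped first so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified or addr.is_reserved)


def check_logo_url(url, resolve=resolve_with_dns):
    """Decide whether a user-supplied 'url' may be fetched server-side.

    Returns (ok, reason). Fails closed: any parse or resolution error is a
    rejection. A host that resolves to several addresses is rejected if any
    one of them is internal, so a mixed record set cannot smuggle an
    internal target past the check.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparsable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    try:
        addrs = {ipaddress.ip_address(host)}          # literal IP in the URL
    except ValueError:
        try:                                          # otherwise resolve it
            addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        except (OSError, ValueError) as exc:
            return False, f"cannot resolve {host!r}: {exc}"
    if not addrs:
        return False, f"{host!r} resolved to no addresses"
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"{host!r} maps to internal address {addr}"
    return True, "ok"


# Constructed DNS table for offline demonstration (not real records); the
# public address is one example.com has used, the others are arbitrary.
CONSTRUCTED_DNS = {
    "example.com": {"93.184.216.34"},
    "localhost": {"127.0.0.1"},
    "intranet.corp": {"10.0.0.5"},
    "mixed.corp": {"93.184.216.34", "192.168.1.20"},
}


def constructed_resolve(host):
    """Stand-in for resolve_with_dns that answers from CONSTRUCTED_DNS."""
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"unknown host {host!r}") from None


if __name__ == "__main__":
    probes = [
        "http://example.com/favicon.ico",           # legitimate
        "http://127.0.0.1:8080/",                   # loopback service
        "http://169.254.169.254/latest/meta-data/", # cloud metadata
        "http://[::1]/",                            # IPv6 loopback
        "http://[::ffff:127.0.0.1]/",               # IPv4-mapped loopback
        "http://localhost/",                        # name -> loopback
        "http://intranet.corp/",                    # name -> RFC 1918
        "http://mixed.corp/",                       # one public, one private
        "file:///etc/passwd",                       # non-web scheme
        "http://user:pw@example.com/",              # credentials in URL
    ]
    for probe in probes:
        ok, reason = check_logo_url(probe, resolve=constructed_resolve)
        print(f"{'ALLOW' if ok else 'DENY ':5} {probe:45} {reason}")
```

Two caveats apply when wiring a check like this into a real fetch: it has to be applied again to every redirect target (fetch with automatic redirects disabled and re-check the Location header), and the connection should be made to the address that was validated rather than re-resolving the name at connect time, otherwise a short-TTL record that flips to an internal address between the check and the fetch (DNS rebinding) defeats it.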