Wangsongyan Wblog Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Wangsongyan Wblog version 0.0.1. The issue arises in the RestorePost function within backup.go, where the user-controlled fileName parameter is retrieved without proper validation or sanitization. This vulnerability allows attackers to manipulate the fileName argument, potentially leading to unauthorized HTTP requests being initiated by the server to internal or external resources.
Impact
Exploitation of this vulnerability allows for arbitrary HTTP requests to be made from the server, which can be used to access internal services, discover open ports, and bypass network isolation to attack otherwise inaccessible systems.
Reproduction
To reproduce this vulnerability, send a POST request to the server with a crafted fileName parameter. The value of fileName should be manipulated to include a URL that the server will request. If cfg.Qiniu.FileServer is empty, the server will make a request to the specified URL, which can be an internal service such as a database API or a MySQL database running on localhost.
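An added example of a mitigation, not code from Wblog: it assumes, as described above, that the restore handler derives the fetch URL from cfg.Qiniu.FileServer and the submitted fileName. The helper name buildRestoreURL, the file name pattern and the sample values are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// safeName accepts only a bare backup object key: no scheme, host,
// slash, "@" or other URL syntax can appear in it.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$`)

// buildRestoreURL (hypothetical helper) returns the only URL the restore
// handler may fetch. fileServer stands in for cfg.Qiniu.FileServer.
// It fails closed when the file server is unset, which is the case in
// which fileName alone would otherwise decide the request target.
func buildRestoreURL(fileServer, fileName string) (string, error) {
	if strings.TrimSpace(fileServer) == "" {
		return "", errors.New("file server not configured; refusing to fetch")
	}
	base, err := url.Parse(fileServer)
	if err != nil || base.Host == "" || (base.Scheme != "http" && base.Scheme != "https") {
		return "", errors.New("file server is not an absolute http(s) URL")
	}
	if !safeName.MatchString(fileName) || strings.Contains(fileName, "..") {
		return "", fmt.Errorf("rejected fileName %q", fileName)
	}
	// Only the path is taken from user input; scheme and host stay fixed.
	target := *base
	target.Path = strings.TrimRight(base.Path, "/") + "/" + fileName
	return target.String(), nil
}

func main() {
	// Constructed sample inputs: {fileServer, fileName}.
	for _, c := range [][2]string{
		{"https://files.example.test/", "backup_2024.db"},
		{"", "http://127.0.0.1:3306/"},
		{"https://files.example.test/", "@127.0.0.1/x"},
	} {
		u, err := buildRestoreURL(c[0], c[1])
		fmt.Printf("%q + %q -> %q, err=%v\n", c[0], c[1], u, err)
	}
}
```

The HTTP client that fetches the returned URL should also refuse redirects, since a redirect from the file server would reintroduce an attacker-influenced destination.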
