HuangDou UTCMS Server-Side Request Forgery Vulnerability in Config Handler

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in HuangDou UTCMS version 9. The issue lies in the Config Handler component, in the file 'app/modules/ut-frame/admin/update.php'. The handler accepts the 'UPDATEURL' argument without restricting where it may point, so a remote attacker who can reach the admin module and set this value can make the server issue requests to a destination of the attacker's choosing.

Impact

Exploitation of this vulnerability allows server-side request forgery: an attacker who controls the URL can make the server send requests to internal or external resources, which can expose internal services or disclose information. Because the handler treats the fetched content as an update package, the impact is not limited to request forgery and extends to code execution on the server, as described under Reproduction.

Reproduction

To reproduce this vulnerability, an authenticated user opens the 'update.php' page in the admin module and sets the 'UPDATEURL' parameter to a server under the attacker's control. The attacker hosts a ZIP archive containing a web shell at that URL. The application then downloads the archive from the attacker's server, decompresses it, and executes the contained code, resulting in remote code execution.
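The checks below are an added example written in Python for this page, not UTCMS code (which is PHP); they show the validations a hardened update handler needs so that a configurable URL such as 'UPDATEURL' cannot be turned into an SSRF or remote-code-execution path: an allowlist of update hosts, rejection of non-public addresses after name resolution, a digest check on the fetched archive, and a path-traversal check on archive entries before extraction. The host names, IP addresses, digest and archive contents are constructed for the example and are not real UTCMS values.

```python
import hashlib
import io
import ipaddress
import socket
import zipfile
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed vendor update host for the example; not a real UTCMS setting.
ALLOWED_HOSTS = {"updates.example.com"}


def is_public_address(ip):
    """True only for globally routable addresses. Blocks loopback, RFC 1918,
    link-local (cloud metadata endpoints), multicast and reserved ranges."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_update_url(url, resolver=socket.gethostbyname, allowed_hosts=ALLOWED_HOSTS):
    """Decide whether the updater may fetch `url`. Returns (ok, detail).

    `resolver` is injectable so the check runs offline here; in production the
    caller should connect to the IP returned in `detail` instead of resolving
    the name again, which closes the DNS-rebinding window between check and use.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username or parts.password:
        return False, "userinfo in URL not allowed"
    host = parts.hostname or ""
    if host not in allowed_hosts:
        return False, "host not in allowlist"
    try:
        ip = resolver(host)
    except OSError:
        return False, "host does not resolve"
    if not is_public_address(ip):
        return False, "host resolves to a non-public address"
    return True, ip


def unsafe_entries(zip_bytes):
    """Return archive entry names that would escape the extraction root
    (zip slip: absolute paths or '..' components)."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            p = PurePosixPath(name.replace("\\", "/"))
            if p.is_absolute() or ".." in p.parts:
                bad.append(name)
    return bad


def verify_package(zip_bytes, expected_sha256):
    """Accept the archive only if its digest matches a value shipped with the
    product (a signature would be stronger). A downloaded file is never trusted
    on its own, whatever URL it came from."""
    return hashlib.sha256(zip_bytes).hexdigest() == expected_sha256


def build_malicious_zip():
    """Constructed sample of what an attacker would host at UPDATEURL: one
    harmless entry and one that climbs out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update/readme.txt", "legit-looking file\n")
        zf.writestr("../../shell.php", "<?php system($_GET['c']); ?>")
    return buf.getvalue()


def fake_resolver(host):
    """Constructed DNS table so the example runs offline."""
    table = {
        "updates.example.com": "8.8.8.8",     # constructed: public address
        "evil.example.net": "1.1.1.1",        # constructed: attacker host
        "rebind.example.net": "127.0.0.1",    # constructed: rebinding to loopback
    }
    if host not in table:
        raise OSError("NXDOMAIN")
    return table[host]


if __name__ == "__main__":
    for u in ["https://updates.example.com/utcms-9.zip",
              "http://updates.example.com/utcms-9.zip",
              "https://evil.example.net/shell.zip",
              "https://127.0.0.1:8080/admin"]:
        print(u, validate_update_url(u, fake_resolver))
    print("unsafe entries:", unsafe_entries(build_malicious_zip()))
```

The allowlist is what actually removes the SSRF: the address check only matters for hosts that are already trusted but might be rebound. Even with both in place, the archive is still untrusted input, so the digest (or signature) check is the control that stops a substituted package from being extracted and executed.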

Added: Aug 25, 2025, 2:17 AM
Updated: Aug 25, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact         10.0
exploitability  6.6
remediation     0.0
relevance       0.4
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.