xiweicheng TMS Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in xiweicheng TMS versions through 2.28.0. The issue is in the 'Summary' function of 'src/main/java/com/lhjz/portal/util/HtmlUtil.java': its 'url' argument is derived from attacker-controlled input and fetched by the server without adequate validation, so a remote attacker can make the server issue requests to destinations of the attacker's choosing.
Impact
Exploitation turns the TMS server into a request proxy: an attacker can make it send requests to internal or external resources it can reach, including services that are not exposed to the attacker directly, which can lead to information disclosure or further exploitation.
Reproduction
To reproduce, send a POST request to '/admin/chat/channel/create' or '/admin/blog/comment/create' with a 'content' parameter that includes a URL. The content is processed without proper validation of the embedded link, so the server fetches the specified URL. Pointing that URL at a host the attacker controls and observing the inbound connection confirms that the request originates from the server.
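Added example, not code from the xiweicheng TMS project or from this advisory: a Python model of the check that a link-summary fetcher such as the 'Summary' function in HtmlUtil.java needs before it requests a URL taken from user content. It extracts the links from a 'content' value like the one posted in the reproduction step, and allows a fetch only when the scheme and port are on an allowlist, the URL carries no credentials, and every address the host resolves to is publicly routable. The content string, host names and DNS answers are constructed for the example, and the resolver is pluggable so the block runs offline; the system resolver is used when no other is supplied.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Constructed sample of a `content` value, as it might be POSTed to
# /admin/chat/channel/create. The links in it are what a summary routine
# would try to fetch (assumption; the exact extraction in TMS is not shown here).
SAMPLE_CONTENT = (
    "status: http://127.0.0.1/admin cloud: http://169.254.169.254/latest/meta-data/ "
    "intranet: http://intranet.corp.local/ docs: https://example.com/guide "
    "mirror: ftp://example.com/file odd: http://admin@example.com:8080/ "
    "v6: http://[::ffff:169.254.169.254]/ rebind: http://rebind.example/"
)

URL_RE = re.compile(r"\b[a-zA-Z][a-zA-Z0-9+.-]*://[^\s<>\"']+")
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def extract_urls(content):
    """Pull every absolute URL out of a content string."""
    return URL_RE.findall(content)


def is_public_address(ip_text):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d hides an IPv4 target
    return not (addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_multicast or addr.is_reserved
                or addr.is_unspecified or not addr.is_global)


def default_resolver(host):
    """Resolve with the system resolver; return every address, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url, resolver=default_resolver):
    """Decide whether a server-side fetch of `url` is acceptable.

    Returns (ok, reason). The address check runs on the resolved addresses,
    so hostnames pointing at internal ranges and alternative IP spellings the
    resolver accepts are caught the same way as a literal 127.0.0.1.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addresses = resolver(host)
    except OSError:  # socket.gaierror is an OSError
        return False, "unresolvable host"
    if not addresses:
        return False, "unresolvable host"
    for ip in addresses:
        if not is_public_address(ip):
            return False, "resolves to non-public address " + ip
    return True, "ok"


def screen_content(content, resolver=default_resolver):
    """Map every URL found in `content` to its fetch decision."""
    return {url: check_url(url, resolver) for url in extract_urls(content)}


def fetchable_urls(content, resolver=default_resolver):
    """The subset of URLs in `content` that a summary fetcher may request."""
    return [url for url, (ok, _) in screen_content(content, resolver).items() if ok]


def table_resolver(table):
    """Offline stand-in for DNS: literal IPs resolve to themselves, names via `table`."""
    def resolve(host):
        try:
            return [str(ipaddress.ip_address(host))]
        except ValueError:
            if host in table:
                return list(table[host])
            raise socket.gaierror(host)
    return resolve


# Constructed DNS answers for the sample; 93.184.216.34 stands in for a public host.
SAMPLE_DNS = table_resolver({
    "example.com": ["93.184.216.34"],
    "intranet.corp.local": ["10.0.0.5"],
    "rebind.example": ["93.184.216.34", "10.0.0.7"],  # mixed answer: any private IP rejects
})

if __name__ == "__main__":
    for url, (ok, reason) in screen_content(SAMPLE_CONTENT, SAMPLE_DNS).items():
        print("ALLOW " if ok else "REJECT", url, "-", reason)
```

Two caveats apply when this check is wired into a real fetcher. First, the decision is only as good as the address actually connected to: the HTTP client must connect to the address that was checked (or resolve and check again at connection time), otherwise a DNS answer that changes between check and fetch defeats it. Second, redirects must not be followed automatically; each Location target has to pass the same check, since a public host that answers with a 302 to an internal address is the most common bypass of a validator that only inspects the first URL.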
