prompts.chat Blind Server-Side Request Forgery Vulnerability in Wiro Media Generator
Vulnerability
A blind server-side request forgery (SSRF) vulnerability has been identified in prompts.chat prior to commit 1464475. The flaw resides in the Wiro media generator and allows an authenticated user to make the server issue requests to a user-controlled inputImageUrl. Exploitation involves sending POST requests to the /api/media-generate endpoint; the resulting server-side requests can be used to probe internal networks, reach internal services, and exfiltrate data through the upstream Wiro service, all without the attacker receiving direct response bodies.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal services and data exfiltration, facilitated by the upstream Wiro service.
Reproduction
To reproduce this vulnerability, an authenticated user sends a POST request to the /api/media-generate endpoint with a crafted inputImageUrl parameter that points at an internal network address or internal service. Because the vulnerability is blind, the caller receives no direct response body; data would instead be exfiltrated through the upstream Wiro service.
Remediation
Users are advised to update to the latest version of prompts.chat, where this vulnerability has been addressed.