GeekAI Server-Side Request Forgery Vulnerability in Download Function

A server-side request forgery (SSRF) vulnerability has been identified in GeekAI versions through 4.2.4. The issue arises in the Download function within the file api/handler/net_handler.go. This vulnerability allows remote exploitation, as the function accepts user-provided URL parameters without any security validation. The interface does not require authentication, directly using http.Get() to fetch HTTP responses and return them to the user.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the server into making requests on their behalf. This could potentially be used to access internal services or resources that are not normally exposed to the public.

Reproduction

To reproduce this vulnerability, send a request to the '/api/download' endpoint with a URL parameter. The server will process the request without validating the URL, leading to a server-side request forgery. This can be verified by observing the server's response or by accessing internal resources through the forged request.

Remediation

It is recommended to implement authentication and authorization for the '/api/download' endpoint to prevent unauthorized access. Additionally, URL validation should be introduced, including whitelisting allowed domains and blocking internal IP addresses and cloud metadata.