JeecgBoot Server-Side Request Forgery Vulnerability in Image Upload Function

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in JeecgBoot version 3.9.0. The issue arises in the file '/sys/common/uploadImgByHttp', where the 'fileUrl' parameter is manipulated, allowing remote attackers to induce the server to make HTTP requests to arbitrary domains, including sensitive internal network resources. The affected endpoint is intended to fetch remote images based on user-provided URLs, but it lacks proper validation of the target IP addresses. This vulnerability can be exploited by authenticated attackers to bypass network firewalls and access internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the server is tricked into making requests to internal resources, potentially leading to unauthorized access to sensitive data or services.

Reproduction

To reproduce this vulnerability, send a request to the '/sys/common/uploadImgByHttp' endpoint with a crafted 'fileUrl' parameter that points to an internal IP address or localhost. The server will process the request, retrieve the response from the internal service, and save it as a static file, returning the internal data to the attacker.

Remediation

It is recommended to validate the 'fileUrl' parameter so that requests whose target resolves to an internal IP range, such as localhost or private intranet addresses, are rejected before the server fetches the image.
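The check the remediation calls for, as an added example in Python (not JeecgBoot's own Java code): parse the user-supplied 'fileUrl', resolve its host, and refuse to fetch when any resolved address is loopback, private, link-local or otherwise non-global. This is the validation whose absence the vulnerability description above points to. The hostnames, addresses and the offline resolver table are constructed for the demonstration; the function names are this example's own.

```python
"""SSRF guard for a "fetch this remote image by URL" endpoint.

Added example, not JeecgBoot code. All hostnames, addresses and DNS data
below are constructed so the module runs offline.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip):
    """True only for globally routable addresses.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped first so it cannot be
    used to slip a loopback or private target past an IPv4-only check.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254/16,
    # which covers cloud metadata endpoints), shared address space
    # (100.64/10), unspecified, multicast, reserved and documentation ranges.
    return addr.is_global


def resolve_public_targets(url, resolver=socket.getaddrinfo):
    """Validate a user-supplied URL and return the IPs it resolves to.

    Raises ValueError when the URL must not be fetched. The caller should
    connect to one of the returned IPs (sending the original hostname in
    the Host header) instead of resolving again, which closes the DNS
    rebinding window between check and use, and must not follow redirects
    without re-running this check on every hop.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if scheme == "https" else 80)

    try:
        # Literal address (urlsplit already strips IPv6 brackets).
        candidates = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
        candidates = [ipaddress.ip_address(info[4][0]) for info in infos]

    if not candidates:
        raise ValueError(f"no addresses for {host!r}")
    # Every resolved address must be public: a name that returns one public
    # and one private record is rejected outright.
    for addr in candidates:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return sorted({str(a) for a in candidates})


def make_fake_resolver(table):
    """Offline stand-in for socket.getaddrinfo driven by a constructed table."""
    def resolve(host, port, family=0, type=0, proto=0, flags=0):
        if host not in table:
            raise socket.gaierror(f"constructed NXDOMAIN for {host}")
        return [(socket.AF_INET6 if ":" in ip else socket.AF_INET,
                 socket.SOCK_STREAM, proto, "", (ip, port))
                for ip in table[host]]
    return resolve


# Constructed DNS data for the offline demo.
FAKE_DNS = {
    "img.example.net": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "split.example": ["93.184.216.34", "10.0.0.5"],
}


def check(url, resolver=make_fake_resolver(FAKE_DNS)):
    """Return (allowed, detail) for a candidate fileUrl value."""
    try:
        return True, resolve_public_targets(url, resolver)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for u in ("https://img.example.net/logo.png",
              "http://127.0.0.1/internal/",
              "http://[::ffff:127.0.0.1]/",
              "http://metadata.internal.example/latest/",
              "http://split.example/x.png",
              "ftp://img.example.net/x"):
        print(u, "->", check(u))
```

The check runs before any outbound connection is opened; pinning the connection to the validated address and re-validating on redirects are the two follow-ups that keep a resolver-based allow-list from being bypassed after the check has passed.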

Added: Feb 22, 2026, 1:18 PM
Updated: Feb 22, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 0.4
exploitability: 6.6
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.