wgcloud Server-Side Request Forgery Vulnerability in Database Management Connection Test
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in wgcloud version 3.6.3, specifically within the backend database management connection test feature. It lets an attacker make the server send requests that can probe the internal network, remotely download malicious files, and execute other potentially harmful operations.
Impact
Exploitation of this vulnerability could lead to unauthorized internal network probing, remote downloading of malicious files, and execution of other dangerous operations on the server.
Reproduction
To reproduce this vulnerability, enable the 'fakemysql' option and send a crafted request to the '/dbInfo/validate' endpoint. The payload should include a JDBC MySQL connection string that points to a server within the internal network, with parameters that allow loading local files from the URL and increase the maximum allowed packet size. Once the request is processed, check the DNS log for a response indicating that the internal server was successfully contacted.
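One way to constrain what a connection-test endpoint will connect to, added here as an example and not taken from wgcloud's code: an allowlist check on the submitted JDBC URL that fails closed on any host or connection property it does not recognise. The class name, the allowed host and the allowed property set are assumptions.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical validator, not part of wgcloud.
public class JdbcUrlValidator {
    // Assumption: operators configure which database hosts the test may reach.
    private static final Set<String> ALLOWED_HOSTS = Set.of("db1.example.internal");
    // Assumption: the only Connector/J properties the application needs.
    private static final Set<String> ALLOWED_PROPS =
            Set.of("useSSL", "characterEncoding", "serverTimezone", "useUnicode");

    /** Returns null when the URL is acceptable, otherwise the rejection reason. */
    public static String reject(String jdbcUrl) {
        // Exact prefix only: other jdbc:mysql sub-schemes are not accepted.
        if (jdbcUrl == null || !jdbcUrl.startsWith("jdbc:mysql://")) {
            return "only jdbc:mysql:// URLs are accepted";
        }
        URI uri;
        try { uri = URI.create(jdbcUrl.substring("jdbc:".length())); }
        catch (IllegalArgumentException e) { return "malformed URL"; }
        // getHost() is null for multi-host or otherwise unusual authorities.
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            return "host not on allowlist: " + host;
        }
        // Compare raw (undecoded) names so percent-encoded variants never match.
        String query = uri.getRawQuery();
        if (query != null) {
            for (String pair : query.split("&")) {
                String name = pair.split("=", 2)[0];
                if (!ALLOWED_PROPS.contains(name)) return "property not on allowlist: " + name;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample inputs
            "jdbc:mysql://db1.example.internal:3306/wgcloud?useSSL=true&characterEncoding=utf8",
            "jdbc:mysql://10.0.0.5:3306/test?allowLoadLocalInfile=true",
            "jdbc:mysql://db1.example.internal:3306/wgcloud?maxAllowedPacket=655360",
        };
        for (String s : samples) {
            String reason = reject(s);
            System.out.println((reason == null ? "ACCEPT" : "REJECT (" + reason + ")") + " " + s);
        }
    }
}
```

A check like this belongs on the server before any driver call. Building the final connection URL from the validated host, port and database name, instead of passing the submitted string through, avoids differences between this parser and the driver's.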
