itwanger paicoding Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in itwanger paicoding versions 1.0.0, 1.0.1, 1.0.2, and 1.0.3. The vulnerability exists in the Image Save Endpoint, specifically within the Save function of the ImageRestController.java file. This issue allows authenticated users to manipulate the 'img' argument, bypassing URL validation and potentially accessing internal network resources or restricted services. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can send crafted requests from the server to internal or external services, potentially leading to unauthorized access or data exposure.

Reproduction

To reproduce this vulnerability, an authenticated user can upload an image by sending a POST request to the '/img/save' endpoint with a manipulated 'img' parameter. The server's response can be monitored to confirm successful exploitation, such as accessing internal resources or cloud metadata endpoints.