bufanyun HotGo Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in bufanyun HotGo versions through 2.0. The issue is located in the ImageTransferStorage function in the file /server/internal/logic/common/upload.go, part of the Endpoint component. The function fetches a user-supplied URL without validating it, so an authenticated attacker can make the server issue HTTP requests to internal resources. Exploitation can lead to probing internal network services, accessing restricted metadata endpoints, bypassing firewall controls, scanning internal infrastructure ports, and exfiltrating sensitive data from otherwise inaccessible services.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where internal resources can be accessed and probed, potentially leading to further exploitation of the network or services.
Reproduction
To reproduce this vulnerability, send a request to the /admin/upload/imageTransferStorage endpoint with a URL pointing to an internal resource. The server fetches the URL without validating it, allowing access to internal services.
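A defender-side hardening for the fetch described above, written here as an added example rather than HotGo's own code. It assumes the image transfer goes through a Go http.Client and places the destination check in the dialer's Control hook, so it is applied to the resolved address of every connection, including redirects and DNS-rebinding attempts, instead of only to the hostname string.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// RFC 6598 carrier-grade NAT is not covered by net.IP.IsPrivate, so list it.
var cgnat = net.IPNet{IP: net.IPv4(100, 64, 0, 0), Mask: net.CIDRMask(10, 32)}

// IsForbiddenIP reports whether a destination belongs to a range that a
// user-supplied transfer URL must never reach: loopback, RFC 1918, link-local
// (which holds the 169.254.169.254 cloud metadata endpoint), unspecified,
// multicast and CGNAT. IPv4-mapped IPv6 addresses are normalised by To4.
func IsForbiddenIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsUnspecified() || cgnat.Contains(ip)
}

// CheckDial is a net.Dialer Control hook. It runs after DNS resolution on the
// literal ip:port about to be connected, so DNS rebinding or a redirect to an
// internal host is refused at the socket layer, not by a hostname pre-check.
func CheckDial(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || IsForbiddenIP(ip) {
		return fmt.Errorf("refusing to connect to %s", address)
	}
	return nil
}

// NewRestrictedClient is the http.Client an upload handler should fetch remote
// images with (hypothetical name). Redirects reuse the same transport and so
// pass through CheckDial too; http.Client itself rejects non-http(s) schemes.
func NewRestrictedClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: CheckDial}
	return &http.Client{Timeout: 15 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}}
}
```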
