FastGPT DNS Rebinding Vulnerability in isInternalAddress Function Allows Server-Side Request Forgery
Vulnerability
A vulnerability in FastGPT versions through 4.14.11 allows DNS rebinding attacks that bypass the private IP checks, leading to server-side request forgery (SSRF) on protected endpoints. The issue arises in the isInternalAddress() function, which resolves a hostname and validates the resulting IP against private ranges, but does not carry that validated IP through to the actual HTTP request: the HTTP client performs its own, separate DNS lookup when it connects, so an attacker who controls the name's DNS answers can return a public IP for the check and a private IP for the connection. This vulnerability affects all endpoints that rely on the isInternalAddress() function, enabling access to cloud metadata and internal services.
Impact
Exploitation of this vulnerability bypasses all private IP checks, not just the cloud metadata blocklist, and allows unauthorized access to cloud metadata and internal network services via DNS rebinding.
Reproduction
The vulnerability can be reproduced by sending a request to an endpoint that calls the isInternalAddress() function with a hostname whose DNS is controlled by the attacker. The first DNS lookup resolves to a public IP and passes the internal address check; the second lookup, made by the HTTP client when it connects, can be manipulated to return a private IP, such as the cloud metadata address, thereby exploiting the vulnerability.
Remediation
Users are advised to implement DNS pinning: resolve the hostname once, check the resulting IP against internal ranges, and then open the HTTP connection to that same resolved IP rather than letting the HTTP client resolve the name a second time. Alternatively, a secure HTTP client that performs DNS pinning can be used.