taoofagi easegen-admin Server-Side Request Forgery Vulnerability in PPT File Handler

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the taoofagi easegen-admin application, specifically in versions prior to the commit 8f87936ac774065b92fb20aab55b274a6ea76433. The vulnerability resides in the PPT File Handler component, within the 'downloadFile' function of the 'PPTUtil.java' file. This issue allows remote attackers to manipulate the 'url' parameter, enabling them to send requests from the server to arbitrary internal or external destinations. The vulnerability has been publicly disclosed and is exploitable by authenticated users.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external systems, potentially leading to unauthorized access or information disclosure.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the '/admin-api/digitalcourse/course-ppts/create' endpoint. The request must include an 'Authorization' header with a valid token. The 'url' parameter can be manipulated to point to an external site, such as a webhook, which will receive the request from the server, demonstrating the SSRF vulnerability.
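The fix for this class of bug is to validate the caller-supplied URL before the server fetches it. The following is an added illustration, not code from easegen-admin or the patched commit: a validation step that a download helper like the advisory's downloadFile(url) could call first. It enforces an http/https scheme, rejects embedded credentials, optionally restricts the host to an allowlist, resolves the host once and refuses loopback, link-local (which covers the 169.254.169.254 cloud metadata address), RFC 1918, IPv6 unique-local and other internal ranges. The class, method names and the sample URLs (documentation-range addresses) are constructed for this example.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Set;

/**
 * Added example (hypothetical names; not code from easegen-admin).
 * Validates a user-supplied download URL before the server fetches it.
 */
public final class SafeDownloadUrl {

    public static final class UnsafeUrlException extends Exception {
        public UnsafeUrlException(String msg) { super(msg); }
    }

    /**
     * Validates rawUrl and returns the resolved address the caller must connect to.
     * Connecting to this address (instead of re-resolving the host name in the
     * HTTP client) closes the DNS-rebinding window between check and use.
     * An empty allowedHosts set means "any public host"; a non-empty set is an
     * exact-match allowlist of lower-case host names.
     */
    public static InetAddress validate(String rawUrl, Set<String> allowedHosts)
            throws UnsafeUrlException {
        final URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            throw new UnsafeUrlException("malformed URL");
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new UnsafeUrlException("scheme not allowed: " + scheme);
        }
        if (uri.getUserInfo() != null) {
            throw new UnsafeUrlException("credentials in URL not allowed");
        }
        String host = uri.getHost();   // null for authorities java.net.URI cannot parse as a host
        if (host == null || host.isEmpty()) {
            throw new UnsafeUrlException("no usable host");
        }
        if (!allowedHosts.isEmpty() && !allowedHosts.contains(host.toLowerCase())) {
            throw new UnsafeUrlException("host not in allowlist: " + host);
        }
        InetAddress addr;
        try {
            addr = InetAddress.getByName(host);   // literal IPs are parsed without a DNS lookup
        } catch (UnknownHostException e) {
            throw new UnsafeUrlException("cannot resolve host: " + host);
        }
        if (isInternal(addr)) {
            throw new UnsafeUrlException("host resolves to an internal address: "
                    + addr.getHostAddress());
        }
        return addr;
    }

    /** True for addresses a PPT importer should never be allowed to reach. */
    static boolean isInternal(InetAddress a) {
        if (a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        byte[] b = a.getAddress();
        // IPv6 unique-local fc00::/7, which isSiteLocalAddress() does not cover.
        if (b.length == 16 && (b[0] & 0xfe) == 0xfc) {
            return true;
        }
        // IPv4 shared address space 100.64.0.0/10 (RFC 6598).
        if (b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40) {
            return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 203.0.113.0/24 is a documentation range.
        String[] samples = {
            "https://203.0.113.10/deck.pptx",
            "http://169.254.169.254/latest/meta-data/",
            "http://127.0.0.1:8080/admin",
            "http://[::1]/",
            "http://10.0.0.5/share/deck.pptx",
            "file:///etc/passwd",
            "https://user:pw@203.0.113.10/deck.pptx",
        };
        for (String s : samples) {
            try {
                InetAddress a = validate(s, Collections.emptySet());
                System.out.println("ALLOW " + s + " -> " + a.getHostAddress());
            } catch (UnsafeUrlException e) {
                System.out.println("DENY  " + s + " : " + e.getMessage());
            }
        }
    }
}
```

Two caveats a practitioner should keep in mind when wiring this into a real fetch: the HTTP client must not follow redirects automatically (or must run the same check on every hop), since a public host can 302 to an internal address, and the check only helps if the client connects to the address validate() returned rather than resolving the host name again.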

Added: Mar 16, 2026, 11:24 PM
Updated: Mar 16, 2026, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 4.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.