There is a Server-side request forgery vulnerability #852

Open
LockeTom opened this issue Jul 29, 2024 · 1 comment
Comments

@LockeTom

Description
Eladmin v2.7 has a Server-side request forgery vulnerability in the Server management.

When adding a server, an attacker can enter an arbitrary IP address and initiate a test connection request for that address from the frontend, and the server will initiate a connection request to that IP address.

Vulnerable code

eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java
(screenshot)

Step 1

Add data in the frontend and initiate a test connection.
(screenshot)

Step 2
We use Burp to capture the request and change the IP address to a DNSlog address.
(screenshot)

Step 3
Let's look at the DNSlog record. We can see that the server has initiated a connection test request for the IP.
(screenshot)

Versions
eladmin ≤ v2.7

Reporter
https://github.com/LockeTom

@KentKong666

KentKong666 commented Aug 21, 2024

This should be controlled when there is a permission-access limit. The PreAuthorize attribute can prevent the attack behavior. Anyway, this is a good catch.
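The report above shows the "test connection" endpoint opening a connection to whatever host the request supplies, and the comment points at access control as the fix. Access control alone still leaves any authorised user able to use the server as a probe, so a destination check belongs next to it. The following is an added example of such a check, not eladmin's own code: the class, method and variable names are assumptions, the allowlist entries are constructed, and the validator is meant to run inside the controller method (behind the `@PreAuthorize` check the comment suggests) before any socket is opened.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

/**
 * Added example (not eladmin's code): validates the host an admin submits to a
 * "test connection" style endpoint before the server opens a socket to it.
 * Names here are assumptions chosen for illustration.
 */
public final class ServerTargetValidator {

    // Constructed allowlist of deployment hosts an admin may probe. In a real
    // deployment this comes from configuration, not a literal.
    private static final List<String> ALLOWED_HOSTS =
            List.of("deploy01.example.internal", "203.0.113.10");

    private ServerTargetValidator() {}

    /**
     * Strict policy: only hosts on the admin-maintained allowlist may be probed.
     * This check needs no DNS lookup, so an unknown name is rejected without
     * the server ever contacting a resolver for it.
     */
    public static boolean isAllowlisted(String host) {
        return host != null && ALLOWED_HOSTS.contains(host.trim().toLowerCase());
    }

    /**
     * Looser policy: returns true only if every address the host resolves to is
     * a public unicast address. Loopback, link-local (incl. 169.254.0.0/16),
     * RFC 1918, multicast, wildcard, CGNAT 100.64.0.0/10 and IPv6 ULA fc00::/7
     * are all rejected.
     */
    public static boolean isPublicTarget(String host) {
        if (host == null || host.isBlank() || host.length() > 253) {
            return false;
        }
        InetAddress[] addresses;
        try {
            // Check every record: a name whose DNS answers mix one public and one
            // internal address must still fail.
            addresses = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return false;
        }
        if (addresses.length == 0) {
            return false;
        }
        for (InetAddress a : addresses) {
            if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                    || a.isSiteLocalAddress() || a.isMulticastAddress()) {
                return false;
            }
            byte[] b = a.getAddress();
            // 100.64.0.0/10: first octet 100, top two bits of second octet == 01.
            if (b.length == 4 && (b[0] & 0xFF) == 100 && (b[1] & 0xC0) == 0x40) {
                return false;
            }
            // fc00::/7: first byte fc or fd. isSiteLocalAddress only covers fec0::/10.
            if (b.length == 16 && (b[0] & 0xFE) == 0xFC) {
                return false;
            }
        }
        return true;
    }

    /** Convenience: allowlisted hosts pass; anything else must be a public target. */
    public static boolean mayTestConnection(String host) {
        return isAllowlisted(host) || isPublicTarget(host);
    }
}
```

Two caveats worth keeping in mind. First, the DNSlog evidence in the report is produced by the lookup itself, so `isPublicTarget` still lets an authorised user learn that the server resolved a name; where that matters, use the allowlist path only. Second, resolving in the validator and again when the connection is opened leaves a window for the answer to change, so the connecting code should connect to the `InetAddress` the validator already checked rather than re-resolving the string.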
