You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
Eladmin v2.7 has an Server-side request forgery vulnerability in the Server management.
When an attacker adds a server, an attacker can construct an arbitrary IP address and initiate a test connection request for the IP address on the frontend, and the server will initiate a connection request for the IP address.
This should be controlled when there is a permission-access limit. The PreAuthorize attribute can prevent the attack behavior. Anyway, this is good catch.
Description
Eladmin v2.7 has an Server-side request forgery vulnerability in the Server management.
When an attacker adds a server, an attacker can construct an arbitrary IP address and initiate a test connection request for the IP address on the frontend, and the server will initiate a connection request for the IP address.
Vulnerable code
eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java
Step 1
Add data to the frontend and initiate a test connection
Step 2
We use burp to capture packets and change the IP address to DNSlog
Step 3
Let's look at the dnglog record,We can see that the server has initiated a connection test request for the IP
Versions
eladmin ≤ v2.7
Reporter
https://github.com/LockeTom
The text was updated successfully, but these errors were encountered: