CVE-2022-28090: Jspxcms 10.2.0 has an SSRF in the admin back end · Issue #I4ZKDR · jspxcms/Jspxcms - Gitee.com
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
When not logged in, requesting the trigger point redirects to the login page.
![payload1](https://images.gitee.com/uploads/images/2022/0325/150016_20132aac_2109467.png "Screenshot.png")
After logging in, request the trigger point: /cmscp/ext/collect/fetch_url.do?url=https://www.baidu.com/
![screenshot](https://images.gitee.com/uploads/images/2022/0325/150055_2f969283_2109467.png "Screenshot.png")
This vulnerability can be used for intranet port detection: requesting different ports yields a different response depending on whether the port is open.
![screenshot](https://images.gitee.com/uploads/images/2022/0325/150246_d1996c5d_2109467.png "Screenshot.png")
![screenshot](https://images.gitee.com/uploads/images/2022/0325/150255_ecd40632_2109467.png "Screenshot.png")
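The defensive counterpart to what this issue describes, added here as an example and not taken from Jspxcms: a guard that a URL-fetching handler such as fetch_url.do can apply before it makes the outbound request (only http/https, host must be present, every resolved address must be public), and a check that runs the same guard over access-log entries for the endpoint so requests aimed at internal addresses can be found after the fact. It is written in Python rather than the project's Java to keep the logic short; the DNS table, the `.example` hostnames and the log lines are constructed for the example.

```python
"""SSRF guard for a URL-fetching endpoint, plus a log check for abuse of it.

Added example for this issue, not Jspxcms code. The resolver table and the
access-log lines below are constructed so the example runs offline.
"""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Tuple, Union
from urllib.parse import parse_qs, urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed DNS table (assumption: these addresses are made up for the example).
FAKE_DNS: Dict[str, List[str]] = {
    "www.baidu.com": ["110.242.68.66"],    # stands in for a public host
    "intranet.example": ["10.0.0.5"],      # internal host with a public-looking name
    "localtest.example": ["127.0.0.1"],    # name that points back at the server
}

def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])

def system_resolver(host: str) -> List[str]:
    """Production resolver: return every A/AAAA answer so each one gets checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_public_address(ip: IPAddress) -> bool:
    """True only for routable Internet addresses; internal ranges are rejected."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped              # ::ffff:10.0.0.5 is really 10.0.0.5
    blocked = (ip.is_private or ip.is_loopback or ip.is_link_local
               or ip.is_multicast or ip.is_reserved or ip.is_unspecified)
    return not blocked and ip.is_global

def check_fetch_target(url: str,
                       resolver: Callable[[str], List[str]] = fake_resolver
                       ) -> Tuple[bool, str]:
    """Decide whether the server may fetch `url` on a user's behalf.

    Returns (allowed, reason). A hostname that resolves to any internal
    address is refused, not only literal internal IPs.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addresses: List[IPAddress] = [ipaddress.ip_address(host)]  # literal IP
    except ValueError:
        resolved = resolver(host)
        if not resolved:
            return False, f"{host} does not resolve"
        addresses = [ipaddress.ip_address(a) for a in resolved]
    for ip in addresses:
        if not is_public_address(ip):
            return False, f"{host} -> {ip} is not a public address"
    return True, "ok"

# Constructed access-log lines (Apache style) in the shape this issue describes:
# one legitimate fetch, two probes of local ports, one unrelated request.
SAMPLE_LOG = """\
10.1.2.3 - admin [25/Mar/2022:15:00:55 +0800] "GET /cmscp/ext/collect/fetch_url.do?url=https%3A%2F%2Fwww.baidu.com%2F HTTP/1.1" 200 1523
10.1.2.3 - admin [25/Mar/2022:15:02:46 +0800] "GET /cmscp/ext/collect/fetch_url.do?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 412
10.1.2.3 - admin [25/Mar/2022:15:02:55 +0800] "GET /cmscp/ext/collect/fetch_url.do?url=http%3A%2F%2F127.0.0.1%3A8081%2F HTTP/1.1" 500 87
10.1.2.3 - admin [25/Mar/2022:15:03:10 +0800] "GET /cmscp/index.do HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')
FETCH_PATH = "/cmscp/ext/collect/fetch_url.do"

def flag_internal_fetches(log_text: str,
                          resolver: Callable[[str], List[str]] = fake_resolver
                          ) -> List[Tuple[int, str, str]]:
    """Return (line_number, target_url, reason) for fetch_url.do requests the
    guard would have refused. On an unpatched instance each of these reached
    the fetcher, so they are the entries worth reviewing."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        if parts.path != FETCH_PATH:
            continue
        for target in parse_qs(parts.query).get("url", []):   # parse_qs URL-decodes
            ok, reason = check_fetch_target(target, resolver)
            if not ok:
                hits.append((n, target, reason))
    return hits

if __name__ == "__main__":
    for n, target, reason in flag_internal_fetches(SAMPLE_LOG):
        print(f"line {n}: {target} refused: {reason}")
```

Two caveats the guard does not cover by itself: the fetcher must connect to the address that was validated rather than resolving the name a second time (otherwise a name whose answer changes between check and connect slips through), and it must not follow HTTP redirects automatically, since a redirect target needs the same check. An allowlist of the hosts the collector is meant to read from is stricter than this deny-by-range approach and is preferable where the set of sources is known.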