Headline
CVE-2021-41403: Server-side request forgery vulnerability (SSRF) · Issue #60 · flatCore/flatCore-CMS
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.
Describe the bug
Server-side request forgery vulnerability (SSRF)
To Reproduce
Steps to reproduce the behavior:
1.go to ‘acp/acp.php?tn=pages&sub=index’
2. Enter the intranet address in the box to request
3. Can make a request to the intranet
Screenshots
request packet
Locate the vulnerable code /acp/core/pages.index.php
The start_index parameter calls the function fc_crawler
Tracing the fc_crawler function
Locate the vulnerable code /acp/core/functions_index.php
Continue to track the fc_loadSourceCode function
dict protocol for request
Use gopher protocol for request
gopher://192.168.172.114:9333/aaaaa
Led to the SSRF vulnerability
Desktop (please complete the following information):
- OS: MacOS
- Browser all
- Version last version