Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jpress has a SSRF Vulnerability #190

Open
ilikeoyt opened this issue Sep 4, 2024 · 0 comments
Open

Jpress has a SSRF Vulnerability #190

ilikeoyt opened this issue Sep 4, 2024 · 0 comments

Comments

@ilikeoyt
Copy link

ilikeoyt commented Sep 4, 2024

Download the latest version and start it locally

image
Replication process:
Login to the backend and create a new data source

image
Select dynamic data source and add the ip of dnslog.

image
After submitting, you can get the id from the queryDatasources route.

image
Then use queryOptions route to trigger ssrf.

image
image

Code Analysis:
Come to src/main/jsrf
src/main/java/io/jpress/module/form/controller/admin/_FormDatasourceController.java file
The queryDatasources route corresponds to the method that can be used to query the ids

image
If the data is dynamic, the method corresponding to the queryOptions route calls the proxy.start method.

image
Finally, the doSendRequest method is called to trigger the ssrf.

image

@ilikeoyt ilikeoyt changed the title Jpress has a SSRF Vul Jpress has a SSRF Vulnerability Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant