Description

Attackers can pass malicious URLs as parameters to the pingback.ping method by constructing malicious requests. The first parameter in this method allows passing any URL, and the server will send the request with that URL as a parameter. Due to the lack of effective input verification and filtering mechanisms, attackers can exploit this vulnerability to initiate server-side requests, which may lead to security issues such as sensitive information leakage and server resource abuse.

Proof of Concept
Hello, this vulnerability may not exist as an SSRF vulnerability.
Based on your description, there may be attackers using the Pingback module to cause DoS or DDoS attacks on other sites.
This is the relevant literature. Its level of harm has constituted a security vulnerability. I'm not planning to apply for a CVE number for this vulnerability, but I hope you can fix it as soon as possible.
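The report above and the follow-up discussion describe two ways an unvalidated first parameter of pingback.ping can be abused: the server fetching internal or otherwise non-public addresses (the SSRF reading), and the server being turned into a request generator against a third-party site (the DoS reading). The following is an added, defender-side example of the input check and outbound rate limit a pingback handler can apply before it sends the verification request. It is not code from the project this issue was filed against; the function names `validate_pingback_source` and `OutboundRateLimiter`, the `resolver` hook, and the sample hosts and addresses are all constructed for the example.

```python
"""Added example: validating a pingback.ping source URL before the server
fetches it, plus a per-target cap on outbound verification requests.
Hypothetical helper names; the handler is assumed to call
validate_pingback_source(url) and limiter.allow(host, now) before any
outbound HTTP request is made."""
import ipaddress
import socket
from collections import defaultdict, deque
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LEN = 2048  # assumed limit; keeps absurdly long URLs out of the fetcher


def _is_public_ip(ip) -> bool:
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # unwrap ::ffff:a.b.c.d so IPv4 rules apply
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _default_resolver(host):
    """Real DNS lookup; tests inject a stub so the example runs offline."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def validate_pingback_source(url, resolver=_default_resolver):
    """Return (ok, reason). ok is True only when the URL is safe to fetch:
    http/https, no embedded credentials, and every resolved address public."""
    if not isinstance(url, str) or not url or len(url) > MAX_URL_LEN:
        return False, "url missing or too long"
    try:
        parts = urlsplit(url)
        host = parts.hostname  # raises ValueError on malformed IPv6 brackets
    except ValueError:
        return False, "malformed url"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not host:
        return False, "no host"
    if parts.username or parts.password:
        return False, "credentials in url"
    try:
        ips = [ipaddress.ip_address(host)]  # literal address, no DNS needed
    except ValueError:
        try:
            ips = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, "host does not resolve"
    if not ips:
        return False, "host does not resolve"
    for ip in ips:
        if not _is_public_ip(ip):
            return False, f"resolves to non-public address {ip}"
    return True, "ok"


class OutboundRateLimiter:
    """Caps how many verification requests are sent to one host per window,
    so the pingback endpoint cannot be used to hammer a third-party site."""

    def __init__(self, max_requests=5, window_seconds=60.0):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # host -> timestamps in window

    def allow(self, host, now):
        q = self._hits[host]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


if __name__ == "__main__":
    # Constructed inputs for a stand-alone run.
    stub = lambda h: {"blog.example": ["93.184.216.34"]}.get(h, ["10.0.0.5"])
    for u in ("http://blog.example/post/1", "http://127.0.0.1:8080/admin",
              "file:///etc/passwd", "http://intranet.example/"):
        print(u, validate_pingback_source(u, resolver=stub))
```

The validator resolves the hostname itself rather than trusting the string, which is what stops a public-looking name that points at 127.0.0.1 or a link-local address. Note that the address approved here should also be the one the fetcher actually connects to (pin it, or re-check after the connection is made), since a name that resolves differently on the second lookup would otherwise slip past the check. The rate limiter keys on the target host so that a burst of pingbacks naming the same victim URL does not turn into a burst of outbound requests.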