Cloud inbox SSRF (server-side request forgery) vulnerability #5183


Closed
1 task done
retnullyu opened this issue Jun 14, 2022 · 1 comment

Comments


retnullyu commented Jun 14, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Describe the problem

Vulnerability summary

SSRF, i.e. a server-side request forgery vulnerability. By crafting URLs with protocols such as file or ftp, one can read files on the internal network, probe internal ports, or even take direct control of the server. Reference link

Proof of vulnerability

  1. Craft a file pseudo-protocol URL to read a system file

[image]

  2. The file is read into the local note inbox (p.s. this file only reveals the user name; it does not leak passwords or other sensitive information from the SiYuan server)

[image]

Vulnerability fix

  • Disable other pseudo-protocols, such as file and ftp.
  • The simplest protection for this feature is for the backend to filter out URLs whose protocol is not http or https.

Expected result

There is no vulnerability tag for issues, so I am reporting it here.

Screenshot or screen recording presentation

No response

Version environment

- Version: 
- Operating System: not OS-specific
- Browser (if used): not applicable

Log file

Local logs are not relevant

More information

No response
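As an added example (not the project's own code), a Go check in the spirit of the fix proposed above, for a backend that fetches a user-supplied URL into the inbox: only http and https schemes are accepted and, going beyond the issue, hosts that resolve to loopback, link-local or private addresses are refused as well. The `stubLookup` resolver and its addresses are constructed for offline use; production code would pass `net.LookupIP`.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// ErrUnsafeURL marks any URL the inbox fetcher refuses to request.
var ErrUnsafeURL = errors.New("unsafe URL rejected")

// ValidateFetchURL applies the issue's proposed fix (allow only http/https) and,
// as added hardening, refuses hosts that resolve to internal addresses.
// lookup is net.LookupIP in production and stubLookup when run offline.
func ValidateFetchURL(raw string, lookup func(string) ([]net.IP, error)) (*url.URL, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrUnsafeURL, err)
	}
	// Scheme allowlist: file, ftp, gopher, dict and an empty scheme all fail here.
	if s := strings.ToLower(u.Scheme); s != "http" && s != "https" {
		return nil, fmt.Errorf("%w: scheme %q", ErrUnsafeURL, u.Scheme)
	}
	host := u.Hostname()
	ips, err := lookup(host)
	if host == "" || err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("%w: cannot resolve host %q", ErrUnsafeURL, host)
	}
	for _, ip := range ips { // check every A/AAAA answer, not just the first
		if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() || ip.IsPrivate() {
			return nil, fmt.Errorf("%w: %q resolves to internal address %s", ErrUnsafeURL, host, ip)
		}
	}
	return u, nil
}

// stubLookup is a constructed offline resolver; both addresses are made up.
func stubLookup(host string) ([]net.IP, error) {
	if ip := net.ParseIP(host); ip != nil {
		return []net.IP{ip}, nil
	}
	if a, ok := map[string]string{"example.com": "203.0.113.10", "intranet.test": "10.0.0.5"}[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, errors.New("no such host")
}

func main() {
	_, err := ValidateFetchURL("file:///etc/passwd", stubLookup)
	fmt.Println(err) // unsafe URL rejected: scheme "file"
}
```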

@88250 88250 changed the title from "SiYuan note inbox has an SSRF vulnerability (server-side request forgery vulnerability)" to "Cloud inbox SSRF (server-side request forgery) vulnerability" Jun 14, 2022
@88250 88250 self-assigned this Jun 14, 2022
@88250 88250 added the Bug label Jun 14, 2022
@88250 88250 added this to the 2.0.20 milestone Jun 14, 2022
Member

88250 commented Jun 14, 2022

Thank you very much for the report; it has just been fixed.

If you find any other cloud security issues, please report them by email to 845765@qq.com. Thanks.

@88250 88250 closed this as completed Jun 14, 2022