- Status: Closed
- Assigned To: cbay
- Private
- Opened by waloodi_109 - 11.11.2024
- Last edited by cbay - 12.11.2024
FS#95 - SSRF WITH FILE UPLOAD FUNCTIONALITY
SSRF WITH FILE UPLOAD FUNCTIONALITY:
Hello Team, I hope you are doing well. I found an SSRF through PDF upload in https://admin.alwaysdata.com/support.
Steps to Reproduce:
1. Go to https://admin.alwaysdata.com/support and upload a PDF file which has SSRF through ("Burp Collab" or malicious URL redirection "attacker.com").
2. Send this file to any user; when he/she opens that file and clicks the link in it, it will redirect to the attacker website, or HTTP and DNS responses will be shown in Burp Suite.
Impact
The vulnerability could be used to conduct further attacks, such as accessing internal systems or exfiltrating sensitive data.
The attacker will redirect any user to their website to steal the user's data and can do whatever he/she wants.
Thank You,
Waleed Anwar
Hello,
If I understand correctly, your scenario has nothing to do with SSRF (which implies that the server does unwanted requests).
Basically, what you're saying is, if you upload a PDF which has a "bad" link in it from the support section and you make the user (from our support team) click on it, then the user will go to that (bad) link?
You don't need to upload a PDF for that, and I'm afraid we cannot consider this a vulnerability.
Kind regards,
Cyril
The attacker can send this file to any user to redirect them to the malicious website; the link is added through a hyperlink. Burp Collaborator shows HTTP and DNS responses, and the attacker can take the IP for further port scanning and so on.
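The thread turns on the difference between the server fetching a URL (SSRF) and a support agent clicking a hyperlink embedded in an uploaded PDF. What a support desk can do with the second case is surface those links before anyone clicks them. The following is an added example, not code from the tracker or from alwaysdata: it pulls every /URI link action out of the raw bytes of an uploaded PDF and flags hosts outside a hypothetical allow-list (ALLOWED_HOSTS and SAMPLE_PDF are constructed for this example).

```python
import re
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the support desk treats as its own.
ALLOWED_HOSTS = {"admin.alwaysdata.com", "alwaysdata.com"}

# Literal string value of a /URI key: /URI (http://...), with \( \) \\ escapes.
_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Hex string value of a /URI key: /URI <687474...>
_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")


def extract_uri_actions(pdf_bytes: bytes) -> list[str]:
    """Return every URI carried by a /URI link action in the raw PDF bytes.

    Caveat: only uncompressed objects are visible to this scan. Link
    annotations stored in /FlateDecode object streams need a real PDF
    parser (e.g. pikepdf) that decompresses them first.
    """
    uris = []
    for m in _LITERAL.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # drop backslash escapes
        uris.append(raw.decode("latin-1"))
    for m in _HEX.finditer(pdf_bytes):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        uris.append(bytes.fromhex(hexdigits.decode()).decode("latin-1"))
    return uris


def external_links(pdf_bytes: bytes, allowed=ALLOWED_HOSTS) -> list[str]:
    """URIs whose host is not allow-listed: what a reviewer sees before clicking."""
    flagged = []
    for uri in extract_uri_actions(pdf_bytes):
        host = urlsplit(uri).hostname or ""
        if host not in allowed:
            flagged.append(uri)
    return flagged


# Constructed minimal PDF fragment with two link annotations (not a real upload).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
  /A << /Type /Action /S /URI /URI (https://admin.alwaysdata.com/support) >> >> endobj
2 0 obj << /Type /Annot /Subtype /Link /Rect [0 30 100 50]
  /A << /S /URI /URI <687474703a2f2f6578616d706c652e6e65742f7265646972> >> >> endobj
%%EOF
"""

if __name__ == "__main__":
    for uri in external_links(SAMPLE_PDF):
        print("external link in uploaded PDF:", uri)
```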