There are two SSRF vulnerabilities in OneBlog v2.3.4, one in adding friendly links and the other in the article porter function. Attackers can exploit them to probe services on the intranet.
## Affected scope
OneBlog v2.3.4
## Vulnerability reproduction
### The first SSRF vulnerability:
Log in to the system with the account and password root/123456, then click Lab -> Article Porter module.
We can use Python to start an HTTP server as the target, and judge whether a service is listening from the response the OneBlog server gets when it accesses the target URL.
This vulnerability can therefore be used for intranet port detection: requests to different ports produce different responses.
If the port is open, the request takes a little over one thousand milliseconds.
If the port is closed, the request takes more than two thousand milliseconds; when no service is listening, the request takes almost twice as long.
### The second SSRF vulnerability:
After logging in, click Website Management -> Link module, add a link, and enter the test URL in the Logo parameter. Click Save; when saving, the server makes a request to the target URL.
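As an added mitigation example, not code from OneBlog: a Python validator for a URL field like the Logo parameter that rejects any URL whose host resolves to a loopback, private, link-local or otherwise non-public address, so saving a link or importing an article cannot be turned into an intranet probe. `check_logo_url`, `fake_resolver` and the hostnames in its table are constructed for this demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical server-side policy for user-supplied fetch URLs (not OneBlog's code).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # blocks the per-port probing described above


def default_resolver(host):
    """Return every address the host resolves to; one internal address is enough to reject."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def fake_resolver(host):
    """Constructed DNS table so the example runs offline."""
    table = {
        "cdn.example": {"93.184.216.34"},
        "rebind.example": {"93.184.216.34", "10.0.0.5"},  # one public, one internal
        "127.0.0.1": {"127.0.0.1"},
        "::1": {"::1"},
        "169.254.169.254": {"169.254.169.254"},
    }
    return table[host]


def check_logo_url(url, resolver=default_resolver):
    """Return (ok, reason); ok only for http(s) URLs whose every address is globally routable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    if port is None:
        port = 443 if parts.scheme.lower() == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        addrs = resolver(parts.hostname)
    except (KeyError, OSError):
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:  # loopback, RFC1918, link-local, ULA, etc.
            return False, f"{parts.hostname} resolves to non-public address {ip}"
    return True, "ok"
```

The fetch that follows should connect to the address that was validated, otherwise a DNS answer that changes between check and use still reaches the intranet.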