huntr | Trunggg02 | BEBA9B98-2A5C-4629-987D-B67F47BA9437
Aug 10, 2023 - 6:38 p.m.

Blind SSRF in the image upload module via URL

2023-08-10 18:38:33
trunggg02
www.huntr.dev
ssrf
image upload
rce
intranet scanning
burp collaborator
port scan
bug bounty

EPSS: 0.0004 Low

Percentile: 14.2%

Description

The web application has a function for uploading images through a link provided by the user. This access error leads to RCE and scanning of intranet ports.

Proof of Concept

PoC video link:
https://drive.google.com/file/d/17fksa8odZAqCuqRQbOCutc9I7eoN_un-/view?usp=sharing

Steps

1. Use a service like Burp Collaborator to observe incoming requests.

2. Go to the add news function; in the image section there is a button that lets the user provide an image link.

3. Provide a URL using the Burp Collaborator server's domain name so that the web app requests it.

4. Observe the incoming DNS and HTTP requests and see that a request from the Linux server is sent to the Burp Collaborator server.

5. The PoC video conducts an internal port scan to see which ports are open based on response time.
