Lucene search

K
seebugRootSSV:92723
HistoryFeb 27, 2017 - 12:00 a.m.

DokuWiki SSRF Security Bypass Vulnerability(CVE-2016-7964 )

2017-02-2700:00:00
Root
www.seebug.org
15

0.001 Low

EPSS

Percentile

41.8%

I found a ssrf vulnerability in dokuwiki. The sendRequest method in HTTPClient Class(In file: /inc/HTTPClient.php) has no restrict to access private network, such as, 10.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16. This allows user to scan port of internal network.

For example,

  1. edit any page in dokuwiki
  2. Input ssrf{{http://127.0.0.1/log.php?ssrftest.png?recache|}}
  3. Hit preview

0.001 Low

EPSS

Percentile

41.8%

Related for SSV:92723