a security risk

Open pengshuo123 opened this issue 2 years ago • 0 comments

Until now,For all versions, there are security risks in the add_link method in the class/Api.php file. As shown in the figure, when we set the url to the intranet IP, we can also access the title, introduction and other information of the web website, which will be in the link name. After obtaining the title of the web service, daaa75cff8552e458b6c06e17960ab7d if other services are enabled, such as the Elastic monitoring service, you can also add ports to see if other web services are enabled and detect intranet web service information.

Dec 08 '23 09:12 pengshuo123